Virtumonde, I believe



N_Cobb
2008-11-17, 07:42
I already have the log information, but I cannot back-check what virus I have because my Spybot copy is being blocked. Here is my log and info file.

LOG FILE
Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-17 00:38:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:27 AM, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Calvin D Stone\Local Settings\Temporary Internet Files\Content.IE5\0UP99R8K\RSIT[1].exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {41F82A1C-BB3A-4CEF-8CB1-72F9CF075AFE} - C:\WINDOWS\system32\efcButQi.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\efcCrQge.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: efcCrQge - C:\WINDOWS\SYSTEM32\efcCrQge.dll
O22 - SharedTaskScheduler: hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8188 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41F82A1C-BB3A-4CEF-8CB1-72F9CF075AFE}]
C:\WINDOWS\system32\efcButQi.dll [2008-11-16 313856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]
{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - Internet Service - C:\Program Files\Applications\iebr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe [2007-05-10 964608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Documents and Settings\Calvin D Stone\Desktop\documents i've saved on desktop\DAEMON Tools Lite\daemon.exe -autorun []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcCrQge]
C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DB0A0B68-2F3C-51D2-A901-9381E136D21A}"= []
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcButQi

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-17 00:17:31 ----A---- C:\WINDOWS\system32\delself.bat
2008-11-16 23:19:20 ----A---- C:\WINDOWS\brastk.exe
2008-11-16 23:18:05 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-16 14:20:41 ----SH---- C:\WINDOWS\system32\uiqpgpcp.ini
2008-11-16 14:20:41 ----A---- C:\WINDOWS\system32\qmpgfo.dll
2008-11-16 14:20:39 ----A---- C:\WINDOWS\system32\ogsxnguo.dll
2008-11-16 14:20:35 ----A---- C:\WINDOWS\system32\pcpgpqiu.dll
2008-11-16 14:19:13 ----ASH---- C:\WINDOWS\system32\iQtuBcfe.ini2
2008-11-16 14:19:12 ----ASH---- C:\WINDOWS\system32\iQtuBcfe.ini
2008-11-16 14:19:04 ----A---- C:\WINDOWS\system32\efcButQi.dll
2008-11-16 14:15:01 ----A---- C:\WINDOWS\system32\urqNGVpP.dll
2008-11-16 14:14:59 ----A---- C:\WINDOWS\system32\ssqqppNd.dll
2008-11-16 04:24:08 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-16 00:21:57 ----A---- C:\WINDOWS\system32\ssqPhGVP.dll
2008-11-16 00:21:55 ----A---- C:\WINDOWS\system32\geBrqqQk.dll
2008-11-15 23:15:59 ----A---- C:\WINDOWS\system32\tjbiajqr.dll
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-15 22:03:36 ----A---- C:\WINDOWS\system32\ddcYqqQG.dll
2008-11-15 22:03:36 ----A---- C:\WINDOWS\system32\cbXNGvTl.dll
2008-11-15 21:59:12 ----A---- C:\WINDOWS\system32\pmnoOIcd.dll
2008-11-15 21:59:11 ----A---- C:\WINDOWS\system32\efcCrQge.dll
2008-11-15 21:59:06 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:32:52 ----D---- C:\WINDOWS\system32\512686
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

======List of files/folders modified in the last 1 months======

2008-11-17 00:38:12 ----RD---- C:\Program Files
2008-11-17 00:19:43 ----D---- C:\WINDOWS\Temp
2008-11-17 00:17:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-17 00:17:31 ----D---- C:\WINDOWS\system32
2008-11-17 00:17:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-17 00:12:19 ----RASH---- C:\boot.ini
2008-11-17 00:12:19 ----A---- C:\WINDOWS\win.ini
2008-11-17 00:12:19 ----A---- C:\WINDOWS\system.ini
2008-11-16 23:19:20 ----D---- C:\WINDOWS
2008-11-16 14:18:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 14:15:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-16 14:10:02 ----SHD---- C:\RECYCLER
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-13 03:01:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:07 ----D---- C:\WINDOWS\AppPatch
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:24 ----D---- C:\WINDOWS\network diagnostic
2008-11-04 00:41:24 ----D---- C:\WINDOWS\Help
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 23:48:53 ----D---- C:\Program Files\Common Files
2008-10-24 02:07:16 ----AS---- C:\WINDOWS\system32\duzakwq.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 a1qj1ggz;a1qj1ggz; C:\WINDOWS\system32\drivers\a1qj1ggz.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
S2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Info file

info.txt logfile of random's system information tool 1.04 2008-11-17 00:38:30

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cooking Dash (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Dash\Uninstall.exe"
Diner Dash Flo Through Time (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash Flo Through Time\Uninstall.exe"
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Flock (Photobucket Edition) 0.7-->C:\Program Files\Flock\uninst.exe
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jojo’s Fashion Show 2 - Las Cruces (remove only)-->"C:\Program Files\Yahoo! Games\Jojo’s Fashion Show 2 - Las Cruces\Uninstall.exe"
LexarMedia ImageRescue Software-->MsiExec.exe /X{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton AntiVirus 2003 Professional Edition-->MsiExec.exe /I{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO\irunin.ini
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

I also get a message from Symantec (which I never use) that asks me to restart whenever I turn on the computer... Please help, I can't afford to format this computer.

Can't anyone help me? I really need this PC for school.
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Shaba
2008-11-18, 16:10
Hi N_Cobb

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Ares 2.0.9
Azureus Vuze
LimeWire 4.16.6

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

You are now running RSIT from the temp folder:

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

N_Cobb
2008-11-18, 23:34
Log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-18 16:38:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:10 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {45A9FF96-2531-4434-9B2C-70D47AE6E223} - (no file)
O2 - BHO: (no name) - {64A654DD-1BE7-4E90-B856-52C5BB087FF6} - C:\WINDOWS\system32\efcButQi.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\efcCrQge.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: efcCrQge - C:\WINDOWS\SYSTEM32\efcCrQge.dll
O22 - SharedTaskScheduler: hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8087 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A9FF96-2531-4434-9B2C-70D47AE6E223}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64A654DD-1BE7-4E90-B856-52C5BB087FF6}]
C:\WINDOWS\system32\efcButQi.dll [2008-11-16 313856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]
{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - Internet Service - C:\Program Files\Applications\iebr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Documents and Settings\Calvin D Stone\Desktop\documents i've saved on desktop\DAEMON Tools Lite\daemon.exe -autorun []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcCrQge]
C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DB0A0B68-2F3C-51D2-A901-9381E136D21A}"= []
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcButQi

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-17 16:38:23 ----SH---- C:\WINDOWS\system32\osgptamu.ini
2008-11-17 16:38:19 ----A---- C:\WINDOWS\system32\umatpgso.dll
2008-11-17 16:37:07 ----A---- C:\WINDOWS\system32\acmejo.dll
2008-11-17 16:37:06 ----A---- C:\WINDOWS\system32\fjmocaoy.dll
2008-11-17 16:36:14 ----A---- C:\WINDOWS\system32\wini1087101.exe
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-17 00:17:31 ----A---- C:\WINDOWS\system32\delself.bat
2008-11-16 23:19:20 ----A---- C:\WINDOWS\brastk.exe
2008-11-16 23:18:05 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-16 14:20:41 ----SH---- C:\WINDOWS\system32\uiqpgpcp.ini
2008-11-16 14:20:41 ----A---- C:\WINDOWS\system32\qmpgfo.dll
2008-11-16 14:20:39 ----A---- C:\WINDOWS\system32\ogsxnguo.dll
2008-11-16 14:20:35 ----A---- C:\WINDOWS\system32\pcpgpqiu.dll
2008-11-16 14:19:13 ----ASH---- C:\WINDOWS\system32\iQtuBcfe.ini2
2008-11-16 14:19:12 ----ASH---- C:\WINDOWS\system32\iQtuBcfe.ini
2008-11-16 14:19:04 ----A---- C:\WINDOWS\system32\efcButQi.dll
2008-11-16 14:15:01 ----A---- C:\WINDOWS\system32\urqNGVpP.dll
2008-11-16 14:14:59 ----A---- C:\WINDOWS\system32\ssqqppNd.dll
2008-11-16 04:24:08 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-16 00:21:57 ----A---- C:\WINDOWS\system32\ssqPhGVP.dll
2008-11-16 00:21:55 ----A---- C:\WINDOWS\system32\geBrqqQk.dll
2008-11-15 23:15:59 ----A---- C:\WINDOWS\system32\tjbiajqr.dll
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-15 22:03:36 ----A---- C:\WINDOWS\system32\ddcYqqQG.dll
2008-11-15 22:03:36 ----A---- C:\WINDOWS\system32\cbXNGvTl.dll
2008-11-15 21:59:12 ----A---- C:\WINDOWS\system32\pmnoOIcd.dll
2008-11-15 21:59:11 ----A---- C:\WINDOWS\system32\efcCrQge.dll
2008-11-15 21:59:06 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:32:52 ----D---- C:\WINDOWS\system32\512686
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

======List of files/folders modified in the last 1 months======

2008-11-18 16:35:06 ----D---- C:\Program Files\LimeWire
2008-11-18 16:34:58 ----D---- C:\Program Files\Azureus
2008-11-18 16:34:40 ----RD---- C:\Program Files
2008-11-18 16:21:36 ----D---- C:\WINDOWS\Temp
2008-11-17 23:24:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-17 16:38:23 ----D---- C:\WINDOWS\system32
2008-11-17 00:18:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-17 00:12:19 ----RASH---- C:\boot.ini
2008-11-17 00:12:19 ----A---- C:\WINDOWS\win.ini
2008-11-17 00:12:19 ----A---- C:\WINDOWS\system.ini
2008-11-16 23:19:20 ----D---- C:\WINDOWS
2008-11-16 14:18:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 14:15:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-16 14:10:02 ----SHD---- C:\RECYCLER
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-13 03:01:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:07 ----D---- C:\WINDOWS\AppPatch
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:24 ----D---- C:\WINDOWS\network diagnostic
2008-11-04 00:41:24 ----D---- C:\WINDOWS\Help
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 23:48:53 ----D---- C:\Program Files\Common Files
2008-10-24 02:07:16 ----AS---- C:\WINDOWS\system32\duzakwq.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 abld2pcd;abld2pcd; C:\WINDOWS\system32\drivers\abld2pcd.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
S2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

I was only provided with log.txt. Any idea what's wrong?

Shaba
2008-11-19, 12:11
Please check if there is info.txt in c:\rsit folder.

If not, please do this:

Go to start - run

Type "%userprofile%/Desktop/RSIT.exe" /info and click ok.

Post back info.txt, please.

N_Cobb
2008-11-20, 02:08
info.txt logfile of random's system information tool 1.04 2008-11-17 00:38:30

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cooking Dash (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Dash\Uninstall.exe"
Diner Dash Flo Through Time (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash Flo Through Time\Uninstall.exe"
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Flock (Photobucket Edition) 0.7-->C:\Program Files\Flock\uninst.exe
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jojo’s Fashion Show 2 - Las Cruces (remove only)-->"C:\Program Files\Yahoo! Games\Jojo’s Fashion Show 2 - Las Cruces\Uninstall.exe"
LexarMedia ImageRescue Software-->MsiExec.exe /X{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton AntiVirus 2003 Professional Edition-->MsiExec.exe /I{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO\irunin.ini
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! 工具列-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2008-11-20, 17:32
Go to start - run

Type "%userprofile%/Desktop/RSIT.exe" /info and click ok.

Post back fresh RSIT logs, please.

N_Cobb
2008-11-20, 23:38
log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-20 16:41:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 511 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:08 PM, on 11/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1369B427-8380-4AF0-BE3F-76ADCAC27CBF} - C:\WINDOWS\system32\efcButQi.dll
O2 - BHO: (no name) - {45A9FF96-2531-4434-9B2C-70D47AE6E223} - (no file)
O2 - BHO: (no name) - {64A654DD-1BE7-4E90-B856-52C5BB087FF6} - (no file)
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\efcCrQge.dll
O2 - BHO: (no name) - {BB4FB6B5-0D2B-4C6A-B2A9-2DE2B5F974B2} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: efcCrQge - C:\WINDOWS\SYSTEM32\efcCrQge.dll
O22 - SharedTaskScheduler: hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8184 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1369B427-8380-4AF0-BE3F-76ADCAC27CBF}]
C:\WINDOWS\system32\efcButQi.dll [2008-11-16 313856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A9FF96-2531-4434-9B2C-70D47AE6E223}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64A654DD-1BE7-4E90-B856-52C5BB087FF6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB4FB6B5-0D2B-4C6A-B2A9-2DE2B5F974B2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]
{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - Internet Service - C:\Program Files\Applications\iebr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Documents and Settings\Calvin D Stone\Desktop\documents i've saved on desktop\DAEMON Tools Lite\daemon.exe -autorun []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcCrQge]
C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
hemielytron - {7ca07c92-0ab2-4346-b119-a076695d46ed}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DB0A0B68-2F3C-51D2-A901-9381E136D21A}"= []
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\efcCrQge.dll [2008-11-15 25600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcButQi

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-19 19:05:35 ----SH---- C:\WINDOWS\system32\bkethqrn.ini
2008-11-19 19:05:29 ----A---- C:\WINDOWS\system32\nrqhtekb.dll
2008-11-19 19:02:53 ----A---- C:\WINDOWS\system32\toqbzn.dll
2008-11-19 19:02:52 ----A---- C:\WINDOWS\system32\kebnitlq.dll
2008-11-18 16:42:02 ----SH---- C:\WINDOWS\system32\gcddfkug.ini
2008-11-18 16:41:59 ----A---- C:\WINDOWS\system32\gukfddcg.dll
2008-11-18 16:39:12 ----A---- C:\WINDOWS\system32\knpfdx.dll
2008-11-18 16:39:10 ----A---- C:\WINDOWS\system32\hrnehwaa.dll
2008-11-17 16:38:23 ----SH---- C:\WINDOWS\system32\osgptamu.ini
2008-11-17 16:38:19 ----A---- C:\WINDOWS\system32\umatpgso.dll
2008-11-17 16:37:07 ----A---- C:\WINDOWS\system32\acmejo.dll
2008-11-17 16:37:06 ----A---- C:\WINDOWS\system32\fjmocaoy.dll
2008-11-17 16:36:14 ----A---- C:\WINDOWS\system32\wini1087101.exe
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-17 00:17:31 ----A---- C:\WINDOWS\system32\delself.bat
2008-11-16 23:19:20 ----A---- C:\WINDOWS\brastk.exe
2008-11-16 23:18:05 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-16 14:20:41 ----SH---- C:\WINDOWS\system32\uiqpgpcp.ini
2008-11-16 14:20:41 ----A---- C:\WINDOWS\system32\qmpgfo.dll
2008-11-16 14:20:39 ----A---- C:\WINDOWS\system32\ogsxnguo.dll
2008-11-16 14:20:35 ----A---- C:\WINDOWS\system32\pcpgpqiu.dll
2008-11-16 14:19:13 ----ASH---- C:\WINDOWS\system32\iQtuBcfe.ini2
2008-11-16 14:19:12 ----ASH---- C:\WINDOWS\system32\iQtuBcfe.ini
2008-11-16 14:19:04 ----A---- C:\WINDOWS\system32\efcButQi.dll
2008-11-16 14:15:01 ----A---- C:\WINDOWS\system32\urqNGVpP.dll
2008-11-16 14:14:59 ----A---- C:\WINDOWS\system32\ssqqppNd.dll
2008-11-16 04:24:08 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-16 00:21:57 ----A---- C:\WINDOWS\system32\ssqPhGVP.dll
2008-11-16 00:21:55 ----A---- C:\WINDOWS\system32\geBrqqQk.dll
2008-11-15 23:15:59 ----A---- C:\WINDOWS\system32\tjbiajqr.dll
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-15 22:03:36 ----A---- C:\WINDOWS\system32\ddcYqqQG.dll
2008-11-15 22:03:36 ----A---- C:\WINDOWS\system32\cbXNGvTl.dll
2008-11-15 21:59:12 ----A---- C:\WINDOWS\system32\pmnoOIcd.dll
2008-11-15 21:59:11 ----A---- C:\WINDOWS\system32\efcCrQge.dll
2008-11-15 21:59:06 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:32:52 ----D---- C:\WINDOWS\system32\512686
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

======List of files/folders modified in the last 1 months======

2008-11-20 16:40:16 ----D---- C:\WINDOWS\Temp
2008-11-20 01:48:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-19 19:05:35 ----D---- C:\WINDOWS\system32
2008-11-18 16:35:06 ----D---- C:\Program Files\LimeWire
2008-11-18 16:34:58 ----D---- C:\Program Files\Azureus
2008-11-18 16:34:40 ----RD---- C:\Program Files
2008-11-17 00:18:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-17 00:12:19 ----RASH---- C:\boot.ini
2008-11-17 00:12:19 ----A---- C:\WINDOWS\win.ini
2008-11-17 00:12:19 ----A---- C:\WINDOWS\system.ini
2008-11-16 23:19:20 ----D---- C:\WINDOWS
2008-11-16 14:18:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 14:15:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-16 14:10:02 ----SHD---- C:\RECYCLER
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-13 03:01:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:07 ----D---- C:\WINDOWS\AppPatch
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:24 ----D---- C:\WINDOWS\network diagnostic
2008-11-04 00:41:24 ----D---- C:\WINDOWS\Help
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 23:48:53 ----D---- C:\Program Files\Common Files
2008-10-24 02:07:16 ----AS---- C:\WINDOWS\system32\duzakwq.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 aldhre5q;aldhre5q; C:\WINDOWS\system32\drivers\aldhre5q.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
S2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt
info.txt logfile of random's system information tool 1.04 2008-11-20 16:42:13

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cooking Dash (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Dash\Uninstall.exe"
Diner Dash Flo Through Time (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash Flo Through Time\Uninstall.exe"
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Flock (Photobucket Edition) 0.7-->C:\Program Files\Flock\uninst.exe
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jojo’s Fashion Show 2 - Las Cruces (remove only)-->"C:\Program Files\Yahoo! Games\Jojo’s Fashion Show 2 - Las Cruces\Uninstall.exe"
LexarMedia ImageRescue Software-->MsiExec.exe /X{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton AntiVirus 2003 Professional Edition-->MsiExec.exe /I{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO\irunin.ini
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2008-11-21, 11:37
Is Norton up-to-date?

N_Cobb
2008-11-21, 23:07
No, my Norton is 2003, I believe.

Shaba
2008-11-22, 12:21
Thank you for information.

In that case we will remove it later and replace it with free alternatives.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.




Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

N_Cobb
2008-11-22, 19:25
My Spybot won't open. And how can I verify that the other antivirus programs are disabled?

Shaba
2008-11-22, 19:30
This link (http://www.bleepingcomputer.com/forums/topic114351.html) should help here.

If you can't open Spybot, you can try uninstalling it and reinstalling it later. Having TeaTimer active will conflict with ComboFix.

N_Cobb
2008-11-22, 20:57
I'm not being allowed access to either of the programs, ComboFix or Spybot. After double-clicking I simply get a one-second hourglass, then nothing happens.

Shaba
2008-11-22, 21:13
I see.

Then we do this:

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Post:

- mbam log
- rsit logs (only log.txt will appear)
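
Added here as a worked example of what a helper does with the RSIT/HijackThis log before choosing a tool; this is not code from this thread, from Spybot, or from the RSIT/HijackThis authors. It is a small Python triage script that reads log lines and flags the entries a removal helper reads first: the security-center state, BHOs with a missing file or a GUID-only name, Run entries that are bare file names or live under the user profile, a populated AppInit_DLLs value, services with no publisher or no binary on disk, and recently created system32 DLLs with random-looking names. The SAMPLE lines are copied from the logs posted in this thread; the rules and thresholds (the six-to-eight lowercase-letter DLL name pattern, the list of profile directories) are the author's own assumptions and produce leads, not verdicts: nwiz.exe, which belongs to the NVIDIA driver package on this machine, is flagged as a bare file name exactly like brastk.exe is, and only a look at the files tells them apart.

```python
"""Triage an RSIT / HijackThis log for the indicators a removal helper reads first.

Added example for this thread; it is not part of RSIT, HijackThis or any post
here. SAMPLE is a handful of lines taken from the logs posted in the thread; the
flagging rules below are the author's heuristics, not signatures, so every hit
is a "look at this" rather than a verdict.
"""
import re
from typing import Dict, List

SAMPLE = r"""
AV: Norton AntiVirus (disabled) (outdated)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Calvin D Stone\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
2008-11-21 16:12:27 ----A---- C:\WINDOWS\system32\vjfvlo.dll
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
"""

GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKUS\\[^\\]+|HK[A-Z]+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d -+[A-Z]*-+ (?P<path>.+)$")
# Heuristic (author's assumption): 6-8 lowercase letters + .dll looks machine-generated.
RANDOM_DLL = re.compile(r"[a-z]{6,8}\.dll")
# Heuristic (author's assumption): autoruns living here deserve a look.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def _executable(cmd: str) -> str:
    """First token of a Run command: the quoted path if present, else the first word."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def _check_line(line: str) -> List[str]:
    """Return the reasons a single log line is worth a helper's attention (empty if none)."""
    reasons: List[str] = []
    if line.startswith("AV: "):
        if "(disabled)" in line:
            reasons.append("antivirus real-time protection is disabled")
        if "(outdated)" in line:
            reasons.append("antivirus definitions are outdated")
    elif (m := BHO_RE.match(line)):
        if re.fullmatch(GUID, m["name"]):
            reasons.append("BHO has no readable name, only a CLSID")
        if "(file missing)" in m["path"]:
            reasons.append("BHO is registered but its DLL is not on disk")
    elif (m := RUN_RE.match(line)):
        exe = _executable(m["cmd"])
        if "\\" not in exe:
            reasons.append("bare file name: resolved through PATH at logon, so the log shows no file to inspect")
        if any(d in exe.lower() for d in PROFILE_DIRS):
            reasons.append("autorun from a user-writable profile directory")
    elif (m := APPINIT_RE.match(line)):
        value = m["value"].strip()
        if value:
            why = f"AppInit_DLLs loads {value} into every process that links user32.dll"
            if not value.lower().endswith(".dll"):
                why += " (and the extension is not .dll)"
            reasons.append(why)
    elif (m := SVC_RE.match(line)):
        if m["owner"] == "Unknown owner":
            reasons.append("service has no publisher recorded")
        if "(file missing)" in m["path"]:
            reasons.append("service binary is not on disk")
    elif (m := CREATED_RE.match(line)):
        path = m["path"]
        base = path.rsplit("\\", 1)[-1]
        if path.lower().startswith("c:\\windows\\system32\\") and RANDOM_DLL.fullmatch(base):
            reasons.append("recently created system32 DLL with a random-looking name")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """One finding per suspicious line: {'line': <log line>, 'reasons': [<why>, ...]}."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = _check_line(line)
            if reasons:
                findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

Run against SAMPLE it reports eight lines and stays quiet on the Yahoo BHO, iTunesHelper, the NVIDIA service and CheckDll.dll. Feed it a whole RSIT log.txt (`triage(open("log.txt", encoding="latin-1").read())`) and the output is the shortlist a helper would otherwise assemble by eye; each item still needs the file checked before anything is removed.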

N_Cobb
2008-11-23, 00:59
Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-22 18:02:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (26%) free of 40 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:35 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Calvin D Stone\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8207 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
C:\WINDOWS\system32\vvvdgq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []
"brastk"=brastk.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"gadcom"=C:\Documents and Settings\Calvin D Stone\Application Data\gadcom\gadcom.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Documents and Settings\Calvin D Stone\Desktop\documents i've saved on desktop\DAEMON Tools Lite\daemon.exe -autorun []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DB0A0B68-2F3C-51D2-A901-9381E136D21A}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-22 16:09:22 ----SH---- C:\WINDOWS\system32\bmwgmtsw.ini
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-21 16:12:27 ----A---- C:\WINDOWS\system32\vjfvlo.dll
2008-11-21 16:12:25 ----A---- C:\WINDOWS\system32\cvyhsedy.dll
2008-11-20 19:03:51 ----A---- C:\WINDOWS\system32\aqjmej.dll
2008-11-20 19:03:50 ----A---- C:\WINDOWS\system32\gajaxkgw.dll
2008-11-19 19:02:53 ----A---- C:\WINDOWS\system32\toqbzn.dll
2008-11-19 19:02:52 ----A---- C:\WINDOWS\system32\kebnitlq.dll
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

======List of files/folders modified in the last 1 months======

2008-11-22 18:01:17 ----D---- C:\WINDOWS\Temp
2008-11-22 18:00:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-22 18:00:18 ----D---- C:\WINDOWS\system32
2008-11-22 18:00:15 ----D---- C:\WINDOWS\system32\drivers
2008-11-22 17:59:49 ----RD---- C:\Program Files
2008-11-22 17:59:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-22 17:59:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-22 17:59:48 ----D---- C:\WINDOWS
2008-11-22 14:01:04 ----RASH---- C:\boot.ini
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-22 14:01:04 ----A---- C:\WINDOWS\system.ini
2008-11-18 16:35:06 ----D---- C:\Program Files\LimeWire
2008-11-18 16:34:58 ----D---- C:\Program Files\Azureus
2008-11-16 14:15:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-16 14:10:02 ----SHD---- C:\RECYCLER
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:07 ----D---- C:\WINDOWS\AppPatch
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:24 ----D---- C:\WINDOWS\network diagnostic
2008-11-04 00:41:24 ----D---- C:\WINDOWS\Help
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 23:48:53 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 aghm6zpf;aghm6zpf; C:\WINDOWS\system32\drivers\aghm6zpf.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

mbam-log:

Malwarebytes' Anti-Malware 1.30
Database version: 1416
Windows 5.1.2600 Service Pack 3

11/22/2008 5:59:53 PM
mbam-log-2008-11-22 (17-59-52).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 142239
Time elapsed: 3 hour(s), 20 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 48
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 75

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\efcButQi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcCrQge.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{526ea853-3e8b-479c-bd05-e3ed3ed88c9c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{526ea853-3e8b-479c-bd05-e3ed3ed88c9c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efccrqge (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{526ea853-3e8b-479c-bd05-e3ed3ed88c9c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41f82a1c-bb3a-4cef-8cb1-72f9cf075afe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d231e9c-448e-4209-8121-602e2cedcfc7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3cc5a171-b205-4c9e-9085-f49ca1131462} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3653b8fe-8dfb-4da7-9b4d-0768a242750c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{7ca07c92-0ab2-4346-b119-a076695d46ed} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\684210a9 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbutqi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcbutqi -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: msansspc.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\efcButQi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iQtuBcfe.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iQtuBcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCrQge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ewonnqja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajqnnowe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gukfddcg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gcddfkug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nrqhtekb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkethqrn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcpgpqiu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uiqpgpcp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\puauyhfv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vfhyuaup.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umatpgso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osgptamu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Application Data\gadcom\gadcom.exe () -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686\512686.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temp\mfsdatt.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temporary Internet Files\Content.IE5\G8SESMC1\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temporary Internet Files\Content.IE5\G8SESMC1\155[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temporary Internet Files\Content.IE5\J1L8AH6G\mfsdatt[1].exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temporary Internet Files\Content.IE5\J1L8AH6G\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temporary Internet Files\Content.IE5\SIKAE2KR\kb600179[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\NPROTECT\00478555.CPX (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP573\A0168182.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP579\A0177562.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP579\A0177563.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP591\A0184928.exe () -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP591\A0184931.exe () -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP591\A0184935.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP591\A0184957.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP592\A0188212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{373C1F31-52A6-421C-96CB-D8A367F35446}\RP592\A0186200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNGvTl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBrqqQk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkIBqQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoOIcd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvvdgq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ogsxnguo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPhGVP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqqppNd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tjbiajqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHWOHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wstmgwmb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\acmejo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNGVpP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmpgfo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjmocaoy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYqqQG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hrnehwaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khddfgkr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\knpfdx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msansspc.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wpv481226787153.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv781226787064.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv901226787518.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\wini1087101.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duzakwq.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Calvin D Stone\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Shaba
2008-11-23, 12:19
Looks better but still a lot left.

Are you now able to disable TeaTimer?

N_Cobb
2008-11-23, 19:31
Yes, TeaTimer and Norton are disabled.

Shaba
2008-11-23, 19:48
Great :)

Please try now to run ComboFix and post back its log and a fresh HijackThis log.

N_Cobb
2008-11-23, 21:10
RSIT
Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-23 14:14:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:26 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8105 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
C:\WINDOWS\system32\vvvdgq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-23 14:04:24 ----D---- C:\WINDOWS\temp
2008-11-23 14:04:19 ----A---- C:\ComboFix.txt
2008-11-23 05:34:03 ----A---- C:\Boot.bak
2008-11-23 05:33:47 ----RASHD---- C:\cmdcons
2008-11-23 05:32:19 ----A---- C:\WINDOWS\zip.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\sed.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\grep.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 05:30:55 ----D---- C:\WINDOWS\ERDNT
2008-11-23 05:30:55 ----D---- C:\Qoobox
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

======List of files/folders modified in the last 1 months======

2008-11-23 14:04:26 ----D---- C:\WINDOWS\system32
2008-11-23 14:04:24 ----SHD---- C:\RECYCLER
2008-11-23 14:04:24 ----D---- C:\WINDOWS
2008-11-23 14:03:08 ----A---- C:\WINDOWS\system.ini
2008-11-23 14:02:28 ----D---- C:\WINDOWS\system32\drivers
2008-11-23 14:02:27 ----D---- C:\Program Files\Common Files
2008-11-23 14:02:26 ----D---- C:\WINDOWS\AppPatch
2008-11-23 14:00:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 12:34:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-23 05:44:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-23 05:43:58 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 05:40:05 ----D---- C:\WINDOWS\system32\config
2008-11-23 05:34:03 ----RASH---- C:\boot.ini
2008-11-22 17:59:49 ----RD---- C:\Program Files
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-18 16:35:06 ----D---- C:\Program Files\LimeWire
2008-11-18 16:34:58 ----D---- C:\Program Files\Azureus
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:24 ----D---- C:\WINDOWS\network diagnostic
2008-11-04 00:41:24 ----D---- C:\WINDOWS\Help
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 av48twop;av48twop; C:\WINDOWS\system32\drivers\av48twop.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
R3 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Combofix Log

N_Cobb
2008-11-23, 21:17
RSIT
Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-23 14:14:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:26 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8105 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
C:\WINDOWS\system32\vvvdgq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-23 14:04:24 ----D---- C:\WINDOWS\temp
2008-11-23 14:04:19 ----A---- C:\ComboFix.txt
2008-11-23 05:34:03 ----A---- C:\Boot.bak
2008-11-23 05:33:47 ----RASHD---- C:\cmdcons
2008-11-23 05:32:19 ----A---- C:\WINDOWS\zip.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\sed.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\grep.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 05:30:55 ----D---- C:\WINDOWS\ERDNT
2008-11-23 05:30:55 ----D---- C:\Qoobox
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

======List of files/folders modified in the last 1 months======

2008-11-23 14:04:26 ----D---- C:\WINDOWS\system32
2008-11-23 14:04:24 ----SHD---- C:\RECYCLER
2008-11-23 14:04:24 ----D---- C:\WINDOWS
2008-11-23 14:03:08 ----A---- C:\WINDOWS\system.ini
2008-11-23 14:02:28 ----D---- C:\WINDOWS\system32\drivers
2008-11-23 14:02:27 ----D---- C:\Program Files\Common Files
2008-11-23 14:02:26 ----D---- C:\WINDOWS\AppPatch
2008-11-23 14:00:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 12:34:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-23 05:44:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-23 05:43:58 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 05:40:05 ----D---- C:\WINDOWS\system32\config
2008-11-23 05:34:03 ----RASH---- C:\boot.ini
2008-11-22 17:59:49 ----RD---- C:\Program Files
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-18 16:35:06 ----D---- C:\Program Files\LimeWire
2008-11-18 16:34:58 ----D---- C:\Program Files\Azureus
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:24 ----D---- C:\WINDOWS\network diagnostic
2008-11-04 00:41:24 ----D---- C:\WINDOWS\Help
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 av48twop;av48twop; C:\WINDOWS\system32\drivers\av48twop.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
R3 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Combofix Log

ComboFix 08-11-22.02 - Calvin D Stone 2008-11-23 14:00:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.192 [GMT -5:00]
Running from: c:\documents and settings\Calvin D Stone\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Calvin D Stone\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Calvin D Stone\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Calvin D Stone\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\aqjmej.dll
c:\windows\system32\bmwgmtsw.ini
c:\windows\system32\cvyhsedy.dll
c:\windows\system32\gajaxkgw.dll
c:\windows\system32\kebnitlq.dll
c:\windows\system32\toqbzn.dll
c:\windows\system32\vjfvlo.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 14:37 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 00:38 . 2008-11-17 00:38 <DIR> d-------- C:\rsit
2008-11-17 00:38 . 2008-11-22 18:02 <DIR> d-------- c:\program files\trend micro
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 22:03 . 2008-11-15 22:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\GetModule
2008-11-15 22:03 . 2008-11-22 14:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\gadcom
2008-11-13 03:00 . 2008-11-13 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 23:29 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 23:29 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 19:34 . 2008-11-22 13:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-04 19:34 . 2008-11-23 05:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25 . 2008-10-23 10:00 12,752 --a------ c:\windows\system32\SDEarlyDelete.exe
2008-11-04 15:25 . 2008-11-04 15:25 110 --a------ c:\windows\system32\SDEarlyDelete.ini
2008-11-04 15:25 . 2005-02-06 09:02 104 --a------ c:\windows\system32\ProxySettings.ini
2008-11-04 15:25 . 2008-11-04 15:58 63 --a------ c:\windows\system\SysSD.dll
2008-11-04 15:24 . 2008-11-04 20:14 <DIR> d-------- c:\program files\SpywareDetector
2008-11-04 15:24 . 2008-09-23 09:14 921,600 --a------ c:\windows\system32\CheckDll.dll
2008-11-04 00:41 . 2008-11-04 00:41 <DIR> d-------- c:\windows\system32\scripting
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\system32\en
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\system32\bits
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\l2schemas
2008-11-04 00:36 . 2008-11-04 00:41 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-03 00:01 . 2008-11-04 14:39 <DIR> d-------- c:\program files\SpyHunter
2008-11-02 19:27 . 2008-11-02 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-23 13:19 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 17:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-18 21:35 --------- d-----w c:\program files\LimeWire
2008-11-18 21:34 --------- d-----w c:\program files\Azureus
2008-11-16 08:05 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-16 08:04 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 08:02 --------- d-----w c:\program files\Yahoo! Games
2008-11-16 07:42 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\LimeWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 02:05 40,960 --sha-r c:\windows\system32\Kcrnad1Drv.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-05-06 23:12 32 --sha-w c:\windows\{61F619DA-22AC-4292-B9C2-AFDB35602C2A}.dat
1990-01-01 01:01 40,960 --sha-r c:\windows\system32\KcrnadDrv.dll
2007-05-06 23:12 32 --sha-w c:\windows\system32\{B26B46C6-58DB-4524-BBB8-8751C8C59929}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
c:\windows\system32\vvvdgq.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [BU]
"SDAutoLiveupdate"="c:\program files\SpywareDetector\LiveUpdateSD.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

c:\documents and settings\Calvin D Stone\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-05-06 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"aux"= ctwdm32.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"60440:TCP"= 60440:TCP:*:Disabled:SolidNetworkManager
"60440:UDP"= 60440:UDP:*:Disabled:SolidNetworkManager

R0 sojubus;sojubus;c:\windows\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2008-11-22 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-11-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{DB0A0B68-2F3C-51D2-A901-9381E136D21A} - (no file)
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-DAEMON Tools Lite - c:\documents and settings\Calvin D Stone\Desktop\documents i've saved on desktop\DAEMON Tools Lite\daemon.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 14:03:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\WgaLogon.dll
.
Completion time: 2008-11-23 14:04:18
ComboFix-quarantined-files.txt 2008-11-23 19:04:07

Pre-Run: 11,658,948,608 bytes free
Post-Run: 11,655,909,376 bytes free

168 --- E O F --- 2008-11-13 08:04:29

Shaba
2008-11-23, 21:27
Download beep.sys from here (http://andymanchesta.com/Files/XP/beep.sys) and save it to both the C:\WINDOWS\system32\drivers and C:\WINDOWS\system32\dllcache folders.

After that:

Open notepad and copy/paste the text in the codebox below into it:

Folder::
C:\Program Files\LimeWire
C:\Program Files\Azureus

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also which process you had to end.

N_Cobb
2008-11-24, 00:48
I don't see a dllcache folder in the system32 folder of Windows.

Shaba
2008-11-24, 11:23
Yes, it is hidden by default.

See here (http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp) and post back if you are now able to find that folder.

N_Cobb
2008-11-24, 23:41
ComboFix 08-11-22.02 - Calvin D Stone 2008-11-24 16:41:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.223 [GMT -5:00]
Running from: c:\documents and settings\Calvin D Stone\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Calvin D Stone\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Azureus
c:\program files\Azureus\AzureusUpdater.exe
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid3088.log
c:\program files\LimeWire\hs_err_pid3436.log
c:\program files\LimeWire\hs_err_pid3500.log
c:\program files\LimeWire\hs_err_pid3616.log
c:\program files\LimeWire\hs_err_pid3628.log
c:\program files\LimeWire\hs_err_pid3872.log
c:\program files\LimeWire\hs_err_pid468.log
c:\program files\LimeWire\hs_err_pid5752.log
c:\program files\LimeWire\hs_err_pid7952.log
c:\program files\LimeWire\hs_err_pid9732.log
c:\program files\LimeWire\hs_err_pid980.log

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-23 17:50 . 2008-11-24 16:39 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-23 17:50 . 2008-11-24 16:39 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 14:37 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 00:38 . 2008-11-17 00:38 <DIR> d-------- C:\rsit
2008-11-17 00:38 . 2008-11-23 14:14 <DIR> d-------- c:\program files\trend micro
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 22:03 . 2008-11-15 22:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\GetModule
2008-11-15 22:03 . 2008-11-22 14:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\gadcom
2008-11-13 03:00 . 2008-11-13 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 23:29 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 23:29 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 19:34 . 2008-11-22 13:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-04 19:34 . 2008-11-23 05:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25 . 2008-10-23 10:00 12,752 --a------ c:\windows\system32\SDEarlyDelete.exe
2008-11-04 15:25 . 2008-11-04 15:25 110 --a------ c:\windows\system32\SDEarlyDelete.ini
2008-11-04 15:25 . 2005-02-06 09:02 104 --a------ c:\windows\system32\ProxySettings.ini
2008-11-04 15:25 . 2008-11-04 15:58 63 --a------ c:\windows\system\SysSD.dll
2008-11-04 15:24 . 2008-11-04 20:14 <DIR> d-------- c:\program files\SpywareDetector
2008-11-04 15:24 . 2008-09-23 09:14 921,600 --a------ c:\windows\system32\CheckDll.dll
2008-11-04 00:41 . 2008-11-04 00:41 <DIR> d-------- c:\windows\system32\scripting
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\system32\en
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\system32\bits
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\l2schemas
2008-11-04 00:36 . 2008-11-04 00:41 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-03 00:01 . 2008-11-04 14:39 <DIR> d-------- c:\program files\SpyHunter
2008-11-02 19:27 . 2008-11-02 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 17:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-16 08:05 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-16 08:04 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 08:02 --------- d-----w c:\program files\Yahoo! Games
2008-11-16 07:42 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\LimeWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 02:05 40,960 --sha-r c:\windows\system32\Kcrnad1Drv.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2007-05-06 23:12 32 --sha-w c:\windows\{61F619DA-22AC-4292-B9C2-AFDB35602C2A}.dat
1990-01-01 01:01 40,960 --sha-r c:\windows\system32\KcrnadDrv.dll
2007-05-06 23:12 32 --sha-w c:\windows\system32\{B26B46C6-58DB-4524-BBB8-8751C8C59929}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
c:\windows\system32\vvvdgq.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [BU]
"SDAutoLiveupdate"="c:\program files\SpywareDetector\LiveUpdateSD.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

c:\documents and settings\Calvin D Stone\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-05-06 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"aux"= ctwdm32.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"60440:TCP"= 60440:TCP:*:Disabled:SolidNetworkManager
"60440:UDP"= 60440:UDP:*:Disabled:SolidNetworkManager

R0 sojubus;sojubus;c:\windows\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2008-11-22 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-11-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 16:44:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\WgaLogon.dll
.
Completion time: 2008-11-24 16:45:43
ComboFix-quarantined-files.txt 2008-11-24 21:45:23
ComboFix2.txt 2008-11-23 19:04:19

Pre-Run: 11,186,896,896 bytes free
Post-Run: 11,601,367,040 bytes free

166 --- E O F --- 2008-11-13 08:04:29



Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-24 16:46:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:03 PM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8082 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
C:\WINDOWS\system32\vvvdgq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-24 16:45:47 ----D---- C:\WINDOWS\temp
2008-11-24 16:45:45 ----A---- C:\ComboFix.txt
2008-11-23 05:34:03 ----A---- C:\Boot.bak
2008-11-23 05:33:47 ----RASHD---- C:\cmdcons
2008-11-23 05:32:19 ----A---- C:\WINDOWS\zip.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\sed.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\grep.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 05:30:55 ----D---- C:\WINDOWS\ERDNT
2008-11-23 05:30:55 ----D---- C:\Qoobox
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

======List of files/folders modified in the last 1 months======

2008-11-24 16:45:49 ----D---- C:\WINDOWS\system32
2008-11-24 16:45:47 ----SHD---- C:\RECYCLER
2008-11-24 16:45:47 ----D---- C:\WINDOWS
2008-11-24 16:44:38 ----A---- C:\WINDOWS\system.ini
2008-11-24 16:43:19 ----D---- C:\WINDOWS\system32\drivers
2008-11-24 16:43:18 ----D---- C:\WINDOWS\AppPatch
2008-11-24 16:43:18 ----D---- C:\Program Files\Common Files
2008-11-24 16:42:14 ----RD---- C:\Program Files
2008-11-24 16:41:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-24 16:39:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-24 15:16:25 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 17:50:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 12:34:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-23 05:40:05 ----D---- C:\WINDOWS\system32\config
2008-11-23 05:34:03 ----RASH---- C:\boot.ini
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:43 ----HD---- C:\WINDOWS\inf
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:24 ----D---- C:\WINDOWS\Help
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 av48twop;av48twop; C:\WINDOWS\system32\drivers\av48twop.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
R3 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
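
The log above carries the three things a responder checks first after a Virtumonde-style cleanup: persistence entries whose file is now gone (the O2 BHO for vvvdgq.dll and the SDService O23 entry both show "(file missing)"), Security Center values that suppress antivirus/update warnings plus EnableFirewall=0 in the standard profile, and hidden+system files in system32 with odd timestamps (KcrnadDrv.dll dated 1990, a GUID-named .dat). The script below is an added example, not part of this post and not code from ComboFix, RSIT or HijackThis. It runs over constructed sample lines modelled on the log and flags those three categories. The line layouts it parses, the 2001 "older than the OS" cutoff and the sample lines themselves are assumptions made for this example.

```python
"""Triage helper for HijackThis / ComboFix / RSIT style text logs.

Added example; not part of the forum post and not code from any of those
tools. It scans constructed sample lines modelled on the log above and
returns the entries a responder would examine first:
  * persistence entries (O2 BHOs, O23 services) whose file is missing
  * Security Center notification-suppression values and a disabled firewall
  * hidden+system files in system32, or files stamped older than the OS
The field layout assumed for each line type is inferred from the log text
and is an assumption of this example.
"""
import re

# Constructed sample, modelled on the log lines above (not a live capture).
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
1990-01-01 01:01 40,960 --sha-r c:\windows\system32\KcrnadDrv.dll
2007-05-06 23:12 32 --sha-w c:\windows\system32\{B26B46C6-58DB-4524-BBB8-8751C8C59929}.dat
2008-04-13 00:12 15,360 ----a-w c:\windows\system32\ctfmon.exe
"""

# HijackThis "Onn - Label: ... - <path> (file missing)" lines.
MISSING_RE = re.compile(
    r"^(?P<kind>O\d+) - (?P<label>[^:]+): .*? - (?P<path>[A-Za-z]:\\.*?) \(file missing\)\s*$")
# REGEDIT4-style key header and "name"=value lines as ComboFix prints them.
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
# ComboFix file listing: date time size attrs path.
FILE_RE = re.compile(
    r"^(?P<date>\d{4})-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>[\d,]+)\s+"
    r"(?P<attrs>[-a-zA-Z]+)\s+(?P<path>[A-Za-z]:\\\S.*?)\s*$")

# Security Center values that silence warnings when set to 1.
SUPPRESSION_NAMES = {"antivirusdisablenotify", "firewalldisablenotify",
                     "updatesdisablenotify", "disablemonitoring"}
# Windows XP shipped in 2001; an older stamp on a system32 file is worth a look (assumption).
OS_RELEASE_YEAR = 2001


def triage(log_text):
    """Return a list of (category, detail) findings for the given log text."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:  # orphaned persistence: registry still points at a deleted file
            findings.append(("missing-file", f"{m['kind']} {m['label']}: {m['path']}"))
            continue
        m = REG_KEY_RE.match(line)
        if m:  # remember which key the following values belong to
            current_key = m["key"].lower()
            continue
        m = REG_VAL_RE.match(line)
        if m:
            name, value = m["name"].lower(), m["value"].lower()
            if "security center" in current_key and name in SUPPRESSION_NAMES \
                    and value.endswith("00000001"):
                findings.append(("protection-disabled", f"{m['name']} under {current_key}"))
            elif "firewallpolicy" in current_key and name == "enablefirewall" \
                    and value.startswith("0"):
                profile = current_key.split("\\")[-1]
                findings.append(("protection-disabled", f"EnableFirewall=0 in {profile}"))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"].lower(), m["path"].lower()
            reasons = []
            if "s" in attrs and "h" in attrs and "\\system32\\" in path:
                reasons.append("hidden+system in system32")
            if int(m["date"]) < OS_RELEASE_YEAR:
                reasons.append(f"timestamp {m['date']} predates the OS")
            if reasons:
                findings.append(("suspicious-file", f"{path} ({'; '.join(reasons)})"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

Run it against a saved ComboFix or HijackThis log instead of SAMPLE_LOG to get a short worklist rather than a 500-line dump. The hidden+system check is a pointer, not a verdict: some legitimate Windows files carry those attributes, so each hit still needs the file's signature or hash checked before it is deleted, and a "(file missing)" entry is cleanup work (remove the dangling registry value) rather than evidence of a live infection.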

Shaba
2008-11-25, 11:23
Looks like it worked :)

You can now unhide those folders again.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

N_Cobb
2008-11-28, 06:41
info.txt

info.txt logfile of random's system information tool 1.04 2008-11-27 23:45:43

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cooking Dash (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Dash\Uninstall.exe"
Diner Dash Flo Through Time (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash Flo Through Time\Uninstall.exe"
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Flock (Photobucket Edition) 0.7-->C:\Program Files\Flock\uninst.exe
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jojo’s Fashion Show 2 - Las Cruces (remove only)-->"C:\Program Files\Yahoo! Games\Jojo’s Fashion Show 2 - Las Cruces\Uninstall.exe"
LexarMedia ImageRescue Software-->MsiExec.exe /X{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton AntiVirus 2003 Professional Edition-->MsiExec.exe /I{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO\irunin.ini
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------


log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-27 23:45:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (24%) free of 40 GB
Total RAM: 511 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:41 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
C:\WINDOWS\system32\vvvdgq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-27 01:21:26 ----D---- C:\WINDOWS\LastGood
2008-11-24 16:45:47 ----D---- C:\WINDOWS\temp
2008-11-24 16:45:45 ----A---- C:\ComboFix.txt
2008-11-23 05:34:03 ----A---- C:\Boot.bak
2008-11-23 05:33:47 ----RASHD---- C:\cmdcons
2008-11-23 05:32:19 ----A---- C:\WINDOWS\zip.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\sed.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\grep.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 05:30:55 ----D---- C:\WINDOWS\ERDNT
2008-11-23 05:30:55 ----D---- C:\Qoobox
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

======List of files/folders modified in the last 1 months======

2008-11-27 01:21:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-27 01:21:34 ----HD---- C:\WINDOWS\inf
2008-11-27 01:21:34 ----D---- C:\WINDOWS\system32
2008-11-27 01:21:34 ----D---- C:\WINDOWS\Help
2008-11-27 01:21:26 ----D---- C:\WINDOWS
2008-11-24 20:26:42 ----SHD---- C:\RECYCLER
2008-11-24 16:44:38 ----A---- C:\WINDOWS\system.ini
2008-11-24 16:43:19 ----D---- C:\WINDOWS\system32\drivers
2008-11-24 16:43:18 ----D---- C:\WINDOWS\AppPatch
2008-11-24 16:43:18 ----D---- C:\Program Files\Common Files
2008-11-24 16:42:14 ----RD---- C:\Program Files
2008-11-24 16:41:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-24 15:16:25 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 17:50:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 12:34:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-23 05:40:05 ----D---- C:\WINDOWS\system32\config
2008-11-23 05:34:03 ----RASH---- C:\boot.ini
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:30 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:00:29 ----D---- C:\WINDOWS\WinSxS
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 23:26:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 23:26:30 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-06 21:57:12 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 av48twop;av48twop; C:\WINDOWS\system32\drivers\av48twop.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
R3 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 27, 2008 18:32:39
Records in database: 1421760
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 76268
Threat name: 9
Infected objects: 19
Suspicious objects: 0
Duration of the scan: 04:06:31


File name / Threat name / Threats count
C:\Documents and Settings\Calvin D Stone\Incomplete\Preview-T-5745425-we pop champaine.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Calvin D Stone\Shared\Chronic Future - Apology For Non-Symmetry.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Calvin D Stone\Shared\Faith Evans - Jealous.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary (2007) DVDRip.avi Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary 2007 COMPLETE NTSC DVDR-NTX.avi Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Program Files\Norton AntiVirus\Quarantine\1EE65B22 Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Program Files\Norton AntiVirus\Quarantine\1EE65B22.exe Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Program Files\Norton AntiVirus\Quarantine\2C3C3BAB Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Program Files\Norton AntiVirus\Quarantine\2C3F65A8.exe Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Program Files\Norton AntiVirus\Quarantine\4CE071C4 Infected: not-a-virus:AdWare.Win32.Agent.vm 1
C:\Program Files\Norton AntiVirus\Quarantine\4CE31BC0 Infected: not-a-virus:AdWare.Win32.Agent.vm 1
C:\Program Files\Norton AntiVirus\Quarantine\4CE745BD Infected: not-a-virus:AdWare.Win32.Agent.vm 1
C:\Program Files\Norton AntiVirus\Quarantine\60B15537 Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Program Files\Norton AntiVirus\Quarantine\60B57F33.exe Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6V2RDZCV\mir12g[1].exe Infected: not-a-virus:AdWare.Win32.NetNucleus.c 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ERAWR7NC\101millmn[1].exe Infected: Backdoor.Win32.UltimateDefender.gwg 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FPWRA5L7\152[1].net Infected: Trojan-Spy.Win32.Agent.euy 1
C:\WINDOWS\system32\Kcrnad1Drv.dll Infected: Trojan-GameThief.Win32.OnLineGames.tbvu 1
C:\WINDOWS\system32\KcrnadDrv.dll Infected: Trojan-GameThief.Win32.OnLineGames.tbvu 1

The selected area was scanned.

Shaba
2008-11-28, 11:30
If you play any online games, I suggest that you change their passwords.

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\Documents and Settings\Calvin D Stone\Incomplete\Preview-T-5745425-we pop champaine.mp3
C:\Documents and Settings\Calvin D Stone\Shared\Chronic Future - Apology For Non-Symmetry.mp3
C:\Documents and Settings\Calvin D Stone\Shared\Faith Evans - Jealous.wma
C:\Documents and Settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary (2007) DVDRip.avi
C:\Documents and Settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary 2007 COMPLETE NTSC DVDR-NTX.avi
C:\Program Files\Norton AntiVirus\Quarantine\1EE65B22
C:\Program Files\Norton AntiVirus\Quarantine\1EE65B22.exe
C:\Program Files\Norton AntiVirus\Quarantine\2C3C3BAB
C:\Program Files\Norton AntiVirus\Quarantine\2C3F65A8.exe
C:\Program Files\Norton AntiVirus\Quarantine\4CE071C4
C:\Program Files\Norton AntiVirus\Quarantine\4CE31BC0
C:\Program Files\Norton AntiVirus\Quarantine\4CE745BD
C:\Program Files\Norton AntiVirus\Quarantine\60B15537
C:\Program Files\Norton AntiVirus\Quarantine\60B57F33.exe
C:\WINDOWS\system32\Kcrnad1Drv.dll
C:\WINDOWS\system32\KcrnadDrv.dll


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also which process you had to end.
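
As an added example (not part of the thread, and not code from ComboFix or Kaspersky), the copy/paste step above can be automated: the Python below parses report lines in the layout Kaspersky Online Scanner 7 uses (`<path> Infected: <threat name> <count>`) and writes the `File::` block for a CFScript, so paths containing spaces are never cut by hand. The function names are my own; the sample lines are copied from the report posted earlier, with one line deliberately duplicated to show de-duplication.

```python
"""Build a ComboFix 'File::' script from Kaspersky Online Scanner 7 report lines."""
import re
from collections import Counter

# Kaspersky report line layout: "<path> Infected: <threat name> <count>".
# Paths may contain spaces and parentheses, so anchor on the " Infected: "
# token and the trailing count rather than splitting on whitespace.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Sample input: lines copied from the Kaspersky report in the thread.
# The second quarantine line is a constructed duplicate to exercise de-duplication.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary (2007) DVDRip.avi Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Program Files\Norton AntiVirus\Quarantine\60B15537 Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Program Files\Norton AntiVirus\Quarantine\60B15537 Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\WINDOWS\system32\Kcrnad1Drv.dll Infected: Trojan-GameThief.Win32.OnLineGames.tbvu 1
C:\WINDOWS\system32\KcrnadDrv.dll Infected: Trojan-GameThief.Win32.OnLineGames.tbvu 1

The selected area was scanned.
"""


def parse_report(text):
    """Return a list of (path, threat, count) for every detection line.

    Header, footer and blank lines do not match the pattern and are skipped.
    """
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits


def threat_summary(hits):
    """Count detections per threat name, to see which family dominates."""
    return Counter(threat for _, threat, _ in hits)


def build_cfscript(hits, skip_quarantine=False):
    """Emit the 'File::' block in the layout ComboFix expects: the header line,
    then exactly one path per line with no trailing text.

    Paths are de-duplicated case-insensitively (NTFS is case-insensitive).
    With skip_quarantine=True, files that an AV product has already moved into
    its own Quarantine folder are left out of the script.
    """
    seen = set()
    lines = ["File::"]
    for path, _, _ in hits:
        if skip_quarantine and "\\Quarantine\\" in path:
            continue
        key = path.lower()
        if key in seen:
            continue
        seen.add(key)
        lines.append(path)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    detections = parse_report(SAMPLE_REPORT)
    for threat, n in threat_summary(detections).most_common():
        print(f"{n:3d}  {threat}")
    print()
    # Save this output as CFScript.txt and drag it onto ComboFix.exe.
    print(build_cfscript(detections), end="")
```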

N_Cobb
2008-11-28, 20:42
ComboFix 08-11-27.07 - Calvin D Stone 2008-11-28 13:42:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.229 [GMT -5:00]
Running from: c:\documents and settings\Calvin D Stone\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Calvin D Stone\Desktop\cfscript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Calvin D Stone\Incomplete\Preview-T-5745425-we pop champaine.mp3
c:\documents and settings\Calvin D Stone\Shared\Chronic Future - Apology For Non-Symmetry.mp3
c:\documents and settings\Calvin D Stone\Shared\Faith Evans - Jealous.wma
c:\documents and settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary (2007) DVDRip.avi I
c:\documents and settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary 2007 COMPLETE NTSC DVDR-NTX.avi
c:\program files\Norton AntiVirus\Quarantine\1EE65B22
c:\program files\Norton AntiVirus\Quarantine\1EE65B22.exe
c:\program files\Norton AntiVirus\Quarantine\2C3C3BAB
c:\program files\Norton AntiVirus\Quarantine\2C3F65A8.exe
c:\program files\Norton AntiVirus\Quarantine\4CE071C4
c:\program files\Norton AntiVirus\Quarantine\4CE31BC0
c:\program files\Norton AntiVirus\Quarantine\4CE745BD
c:\program files\Norton AntiVirus\Quarantine\60B15537 I
c:\program files\Norton AntiVirus\Quarantine\60B57F33.exe
c:\windows\system32\Kcrnad1Drv.dll
c:\windows\system32\KcrnadDrv.dll
.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 02:10 . 2008-11-28 02:11 <DIR> d-------- c:\program files\NCSoft
2008-11-28 02:00 . 2008-11-28 02:00 <DIR> d-------- c:\documents and settings\Calvin D Stone\Application Data\InstallShield
2008-11-28 01:51 . 2008-11-28 02:00 <DIR> d-------- c:\documents and settings\Calvin D Stone\Application Data\GetRightToGo
2008-11-23 17:50 . 2008-11-24 16:39 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-23 17:50 . 2008-11-24 16:39 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 14:37 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 00:38 . 2008-11-17 00:38 <DIR> d-------- C:\rsit
2008-11-17 00:38 . 2008-11-28 13:37 <DIR> d-------- c:\program files\trend micro
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 22:03 . 2008-11-15 22:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\GetModule
2008-11-15 22:03 . 2008-11-22 14:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\gadcom
2008-11-13 03:00 . 2008-11-13 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 23:29 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 23:29 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 19:34 . 2008-11-22 13:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-04 19:34 . 2008-11-23 05:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25 . 2008-10-23 10:00 12,752 --a------ c:\windows\system32\SDEarlyDelete.exe
2008-11-04 15:25 . 2008-11-04 15:25 110 --a------ c:\windows\system32\SDEarlyDelete.ini
2008-11-04 15:25 . 2005-02-06 09:02 104 --a------ c:\windows\system32\ProxySettings.ini
2008-11-04 15:25 . 2008-11-04 15:58 63 --a------ c:\windows\system\SysSD.dll
2008-11-04 15:24 . 2008-11-04 20:14 <DIR> d-------- c:\program files\SpywareDetector
2008-11-04 15:24 . 2008-09-23 09:14 921,600 --a------ c:\windows\system32\CheckDll.dll
2008-11-04 00:41 . 2008-11-04 00:41 <DIR> d-------- c:\windows\system32\scripting
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\system32\en
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\system32\bits
2008-11-04 00:40 . 2008-11-04 00:40 <DIR> d-------- c:\windows\l2schemas
2008-11-04 00:36 . 2008-11-04 00:41 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-03 00:01 . 2008-11-04 14:39 <DIR> d-------- c:\program files\SpyHunter
2008-11-02 19:27 . 2008-11-02 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 08:40 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-28 07:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 08:05 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-16 08:04 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 08:02 --------- d-----w c:\program files\Yahoo! Games
2008-11-16 07:42 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\LimeWire
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2007-05-06 23:12 32 --sha-w c:\windows\{61F619DA-22AC-4292-B9C2-AFDB35602C2A}.dat
2007-05-06 23:12 32 --sha-w c:\windows\system32\{B26B46C6-58DB-4524-BBB8-8751C8C59929}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
c:\windows\system32\vvvdgq.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"PlayNC Launcher"="c:\program files\NCSoft\Launcher\NCLauncher.exe" [2008-06-09 38128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [BU]
"SDAutoLiveupdate"="c:\program files\SpywareDetector\LiveUpdateSD.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

c:\documents and settings\Calvin D Stone\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-05-06 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"aux"= ctwdm32.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"60440:TCP"= 60440:TCP:*:Disabled:SolidNetworkManager
"60440:UDP"= 60440:UDP:*:Disabled:SolidNetworkManager

R0 sojubus;sojubus;c:\windows\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2008-11-22 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-11-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 13:44:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-28 13:45:09
ComboFix-quarantined-files.txt 2008-11-28 18:44:54
ComboFix2.txt 2008-11-28 18:32:41
ComboFix3.txt 2008-11-24 21:45:45
ComboFix4.txt 2008-11-23 19:04:19

Pre-Run: 13,241,663,488 bytes free
Post-Run: 13,288,484,864 bytes free

173 --- E O F --- 2008-11-13 08:04:29

info.txt
info.txt logfile of random's system information tool 1.04 2008-11-28 13:37:15

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cooking Dash (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Dash\Uninstall.exe"
Diner Dash Flo Through Time (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash Flo Through Time\Uninstall.exe"
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Flock (Photobucket Edition) 0.7-->C:\Program Files\Flock\uninst.exe
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jojo’s Fashion Show 2 - Las Cruces (remove only)-->"C:\Program Files\Yahoo! Games\Jojo’s Fashion Show 2 - Las Cruces\Uninstall.exe"
LexarMedia ImageRescue Software-->MsiExec.exe /X{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton AntiVirus 2003 Professional Edition-->MsiExec.exe /I{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO\irunin.ini
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-11-28 13:37:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (32%) free of 40 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:13 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NCSoft\Launcher\NCLauncher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6637ec05-583e-61e8-9194-3b001eb82459} - {95428be1-00b3-4919-8e16-e38550ce7366} - C:\WINDOWS\system32\vvvdgq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8129 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]
C:\WINDOWS\system32\vvvdgq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"PlayNC Launcher"=C:\Program Files\NCSoft\Launcher\NCLauncher.exe [2008-06-09 38128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"

======List of files/folders created in the last 1 months======

2008-11-28 13:32:41 ----A---- C:\ComboFix.txt
2008-11-28 02:10:27 ----D---- C:\Program Files\NCSoft
2008-11-28 02:04:43 ----RSD---- C:\WINDOWS\assembly
2008-11-28 02:03:03 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-28 02:00:48 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\InstallShield
2008-11-28 01:51:31 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\GetRightToGo
2008-11-24 16:45:47 ----D---- C:\WINDOWS\temp
2008-11-23 05:34:03 ----A---- C:\Boot.bak
2008-11-23 05:33:47 ----RASHD---- C:\cmdcons
2008-11-23 05:32:19 ----A---- C:\WINDOWS\zip.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\SWREG.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\sed.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\grep.exe
2008-11-23 05:32:19 ----A---- C:\WINDOWS\fdsv.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\VFIND.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-23 05:32:18 ----A---- C:\WINDOWS\SWSC.exe
2008-11-23 05:30:55 ----D---- C:\WINDOWS\ERDNT
2008-11-23 05:30:55 ----D---- C:\Qoobox
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-17 00:38:11 ----D---- C:\rsit
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-04 19:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-04 19:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 15:25:09 ----A---- C:\WINDOWS\system32\ProxySettings.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.ini
2008-11-04 15:25:08 ----A---- C:\WINDOWS\system32\SDEarlyDelete.exe
2008-11-04 15:24:47 ----A---- C:\WINDOWS\system32\CheckDll.dll
2008-11-04 15:24:43 ----D---- C:\Program Files\SpywareDetector
2008-11-04 01:00:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-04 01:00:30 ----D---- C:\WINDOWS\Prefetch
2008-11-04 00:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 00:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 00:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 00:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 00:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 00:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 00:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 00:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-04 00:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 00:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 00:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-04 00:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 00:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 00:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 00:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 00:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 00:42:36 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:41:00 ----D---- C:\WINDOWS\system32\scripting
2008-11-04 00:40:59 ----D---- C:\WINDOWS\l2schemas
2008-11-04 00:40:58 ----D---- C:\WINDOWS\system32\en
2008-11-04 00:40:57 ----D---- C:\WINDOWS\system32\bits
2008-11-04 00:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-04 00:27:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-03 19:54:33 ----D---- C:\WINDOWS\pss
2008-11-03 00:01:00 ----D---- C:\Program Files\SpyHunter
2008-11-02 19:27:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

======List of files/folders modified in the last 1 months======

2008-11-28 13:32:45 ----D---- C:\WINDOWS\system32
2008-11-28 13:32:43 ----SHD---- C:\RECYCLER
2008-11-28 13:32:43 ----D---- C:\WINDOWS
2008-11-28 13:31:32 ----A---- C:\WINDOWS\system.ini
2008-11-28 13:30:41 ----D---- C:\WINDOWS\system32\drivers
2008-11-28 13:30:40 ----D---- C:\WINDOWS\AppPatch
2008-11-28 13:30:40 ----D---- C:\Program Files\Common Files
2008-11-28 13:28:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 03:41:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-28 03:40:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 03:40:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-28 03:11:39 ----HD---- C:\WINDOWS\inf
2008-11-28 02:41:47 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-28 02:31:09 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-28 02:10:27 ----RD---- C:\Program Files
2008-11-28 02:10:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-28 02:09:43 ----SHD---- C:\WINDOWS\Installer
2008-11-28 02:09:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-28 02:04:46 ----D---- C:\WINDOWS\WinSxS
2008-11-28 02:03:12 ----D---- C:\WINDOWS\system32\mui
2008-11-28 02:03:12 ----D---- C:\Program Files\Internet Explorer
2008-11-27 01:21:34 ----D---- C:\WINDOWS\Help
2008-11-24 15:16:25 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 05:40:05 ----D---- C:\WINDOWS\system32\config
2008-11-23 05:34:03 ----RASH---- C:\boot.ini
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem
2008-11-04 20:14:31 ----A---- C:\WINDOWS\wininit.ini
2008-11-04 20:09:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-04 15:25:52 ----D---- C:\WINDOWS\system
2008-11-04 01:01:28 ----D---- C:\WINDOWS\Debug
2008-11-04 01:00:07 ----D---- C:\WINDOWS\system32\Setup
2008-11-04 01:00:07 ----D---- C:\WINDOWS\ime
2008-11-04 01:00:05 ----RSD---- C:\WINDOWS\Fonts
2008-11-04 01:00:03 ----D---- C:\WINDOWS\security
2008-11-04 00:50:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-04 00:46:37 ----D---- C:\Program Files\Messenger
2008-11-04 00:41:24 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\usmt
2008-11-04 00:41:01 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 00:40:57 ----D---- C:\WINDOWS\PeerNet
2008-11-04 00:40:57 ----D---- C:\Program Files\Movie Maker
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\Restore
2008-11-04 00:36:03 ----D---- C:\WINDOWS\system32\npp
2008-11-04 00:36:03 ----D---- C:\WINDOWS\mui
2008-11-04 00:36:01 ----D---- C:\WINDOWS\msagent
2008-11-04 00:35:59 ----D---- C:\WINDOWS\srchasst
2008-11-04 00:35:58 ----D---- C:\Program Files\NetMeeting
2008-11-04 00:35:55 ----D---- C:\WINDOWS\system32\Com
2008-11-04 00:35:51 ----D---- C:\Program Files\Windows Media Player
2008-11-04 00:35:50 ----D---- C:\Program Files\Windows NT
2008-11-04 00:35:50 ----D---- C:\Program Files\Outlook Express
2008-11-04 00:35:44 ----D---- C:\Program Files\Common Files\System
2008-11-04 00:35:10 ----D---- C:\WINDOWS\system32\oobe
2008-11-04 00:30:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-04 00:27:07 ----D---- C:\WINDOWS\ehome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 ajjzp46s;ajjzp46s; C:\WINDOWS\system32\drivers\ajjzp46s.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Shaba
2008-11-28, 20:44
Please check if these files exist:

c:\documents and settings\Calvin D Stone\Incomplete\Preview-T-5745425-we pop champaine.mp3
c:\documents and settings\Calvin D Stone\Shared\Chronic Future - Apology For Non-Symmetry.mp3
c:\documents and settings\Calvin D Stone\Shared\Faith Evans - Jealous.wma
c:\documents and settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary (2007) DVDRip.avi
c:\documents and settings\Calvin D Stone\Shared\Gangsta Rap The Glockumentary 2007 COMPLETE NTSC DVDR-NTX.avi
c:\program files\Norton AntiVirus\Quarantine\1EE65B22
c:\program files\Norton AntiVirus\Quarantine\1EE65B22.exe
c:\program files\Norton AntiVirus\Quarantine\2C3C3BAB
c:\program files\Norton AntiVirus\Quarantine\2C3F65A8.exe
c:\program files\Norton AntiVirus\Quarantine\4CE071C4
c:\program files\Norton AntiVirus\Quarantine\4CE31BC0
c:\program files\Norton AntiVirus\Quarantine\4CE745BD
c:\program files\Norton AntiVirus\Quarantine\60B15537
c:\program files\Norton AntiVirus\Quarantine\60B57F33.exe
c:\windows\system32\Kcrnad1Drv.dll
c:\windows\system32\KcrnadDrv.dll

If they do, please delete them.

N_Cobb
2008-11-29, 01:47
I found one out of all of those files, but on another note, throughout my computer there exist hidden files called album art, and they are image files. Can you shed some light on that?

Shaba
2008-11-29, 12:06
They are likely thumbs.db files.

See here (http://en.wikipedia.org/wiki/Thumbs.db) for more information.

Other concerns? :)

N_Cobb
2008-11-29, 22:00
Nope, as long as they are fine I'm cool.

Shaba
2008-11-29, 22:03
Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 7 (http://java.sun.com/javase/downloads/index.jsp).

Next we remove all used tools.

You can delete RSIT and the c:\rsit folder.

You can again unhide hidden & system files.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

or

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Re-enable system restore with the instructions from the tutorial above.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. A tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:
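The six Internet-zone settings listed in the post above can also be verified from the registry instead of by clicking through the dialog. The following PowerShell audit script is an added example and is not part of the original post: it reads the per-user Internet zone (zone 3) under HKCU and reports which of the six settings still differ from the recommended values, and only writes them when run with the hypothetical -Apply switch. The option codes and value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are the standard Internet Explorer zone registry codes.

```powershell
# Added example (not from the original post): audit the six Internet-zone
# settings recommended above by reading them straight from the registry.
# Zone 3 is the Internet zone; the value codes follow Microsoft's documented
# IE zone settings (0 = Enable, 1 = Prompt, 3 = Disable).
param([switch]$Apply)   # -Apply writes the recommended values instead of only reporting

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Option code -> (setting name as it appears in the dialog, recommended value)
$recommended = @{
    '1001' = @('Download signed ActiveX controls',                          1)  # Prompt
    '1004' = @('Download unsigned ActiveX controls',                        3)  # Disable
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)  # Disable
    '1800' = @('Installation of desktop items',                             1)  # Prompt
    '1804' = @('Launching programs and files in an IFRAME',                 1)  # Prompt
    '1607' = @('Navigate sub-frames across different domains',              1)  # Prompt
}
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zonePath)) {
    Write-Warning "Zone key not found: $zonePath"
    return
}

$zone = Get-ItemProperty -Path $zonePath
$findings = @()
foreach ($code in ($recommended.Keys | Sort-Object)) {
    $label, $want = $recommended[$code]
    # A missing value means the zone still uses the template default for this option.
    $prop = $zone.PSObject.Properties[$code]
    $have = if ($prop) { [int]$prop.Value } else { $null }
    $haveText = if ($null -eq $have) { '(not set)' }
                elseif ($meaning.ContainsKey($have)) { $meaning[$have] }
                else { "raw value $have" }
    if ($have -ne $want) {
        $findings += [pscustomobject]@{
            Code = $code; Setting = $label; Current = $haveText; Recommended = $meaning[$want]
        }
        if ($Apply) {
            Set-ItemProperty -Path $zonePath -Name $code -Value $want -Type DWord
        }
    }
}

if ($findings.Count -eq 0) {
    'All six Internet-zone settings already match the recommended values.'
} else {
    $findings | Format-Table -AutoSize
    if ($Apply) { 'Recommended values written; restart Internet Explorer for them to take effect.' }
}
```

If the machine has the Security_HKLM_only policy set, Internet Explorer reads the zone settings from the same path under HKLM rather than HKCU, so the audit has to be pointed there instead.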

N_Cobb
2008-11-30, 03:34
I'm not able to download the Java that you suggested; should I proceed with the remainder of the process?

Shaba
2008-11-30, 12:16
My bad, that was an old canned.

Please download this from Sun website:

Java SE Runtime Environment (JRE) 6 Update 10

N_Cobb
2008-12-01, 08:52
My final problem is that Firefox claims to be running even though I just installed it, and for that reason I can't use it... any suggestions there?

Shaba
2008-12-01, 11:25
Does it appear in task manager as well?

N_Cobb
2008-12-01, 23:22
No, and even though I just downloaded it, it didn't show up on the SpywareBlaster scan.

Shaba
2008-12-02, 15:37
Have you tried to uninstall/re-install it?

N_Cobb
2008-12-03, 04:52
Yes, multiple times with no different results

Shaba
2008-12-03, 12:12
Then I think that you might be best to ask about it in the Mozilla forums (http://support.mozilla.com/forum).

Any malware issues left?

N_Cobb
2008-12-04, 03:33
No, I suppose not. All clear.

N_Cobb
2008-12-04, 04:02
I supposed wrong. On turning on TeaTimer I received repeated reports of registry changes, varying from different search engines to rundll changes, and I believe that shouldn't be happening.

N_Cobb
2008-12-04, 04:09
New scan shows Virtumonde is back.

Shaba
2008-12-04, 10:56
That might just mean that TeaTimer needs to be reset.

Please post back spybot report and a fresh HijackThis log next.

N_Cobb
2008-12-05, 00:27
Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-12-04 17:02:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (33%) free of 40 GB
Total RAM: 511 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:06 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {95428be1-00b3-4919-8e16-e38550ce7366} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - AppInit_DLLs: tijxmf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8289 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95428be1-00b3-4919-8e16-e38550ce7366}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SDActiveMonitor"=C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO []
"SDAutoLiveupdate"=C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-01 136600]
"nwiz"=nwiz.exe /install []
"RAM_DEFRAG"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="tijxmf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"

======List of files/folders created in the last 1 months======

2008-12-04 17:02:44 ----D---- C:\rsit
2008-12-04 02:55:07 ----A---- C:\WINDOWS\system32\aupnsu.dll
2008-12-04 02:55:06 ----A---- C:\WINDOWS\system32\iqjfqrbc.dll
2008-12-01 01:58:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-01 01:58:30 ----D---- C:\Program Files\SpywareBlaster
2008-12-01 01:50:08 ----SHD---- C:\Config.Msi
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\java.exe
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-01 01:08:01 ----D---- C:\Program Files\Mozilla Firefox
2008-11-30 01:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-29 21:09:09 ----A---- C:\WINDOWS\system32\GkSui18.EXE
2008-11-28 13:45:14 ----D---- C:\WINDOWS\temp
2008-11-28 02:10:27 ----D---- C:\Program Files\NCSoft
2008-11-28 02:04:43 ----RSD---- C:\WINDOWS\assembly
2008-11-28 02:03:03 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-28 01:51:31 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\GetRightToGo
2008-11-23 05:34:03 ----A---- C:\Boot.bak
2008-11-23 05:33:47 ----RASHD---- C:\cmdcons
2008-11-23 05:30:55 ----D---- C:\WINDOWS\ERDNT
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0
2008-11-05 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

======List of files/folders modified in the last 1 months======

2008-12-04 17:02:58 ----D---- C:\WINDOWS\Prefetch
2008-12-04 17:00:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 16:59:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-04 16:59:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 14:58:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 02:56:52 ----D---- C:\WINDOWS\system32
2008-12-04 02:56:51 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 02:51:30 ----D---- C:\WINDOWS
2008-12-01 01:58:30 ----RD---- C:\Program Files
2008-12-01 01:53:08 ----SHD---- C:\WINDOWS\Installer
2008-12-01 01:52:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-01 01:51:45 ----D---- C:\WINDOWS\WinSxS
2008-12-01 01:50:41 ----D---- C:\WINDOWS\system32\mui
2008-12-01 01:50:41 ----D---- C:\Program Files\Internet Explorer
2008-12-01 01:45:56 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-01 01:43:16 ----SHD---- C:\System Volume Information
2008-12-01 01:43:16 ----D---- C:\WINDOWS\system32\Restore
2008-12-01 01:36:47 ----D---- C:\Program Files\Norton AntiVirus
2008-12-01 01:16:14 ----D---- C:\Program Files\Java
2008-11-30 01:48:55 ----D---- C:\Program Files\HP
2008-11-29 18:04:09 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-29 01:01:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-28 14:00:18 ----SHD---- C:\RECYCLER
2008-11-28 13:44:08 ----A---- C:\WINDOWS\system.ini
2008-11-28 13:43:25 ----D---- C:\WINDOWS\AppPatch
2008-11-28 13:43:25 ----D---- C:\Program Files\Common Files
2008-11-28 03:11:39 ----HD---- C:\WINDOWS\inf
2008-11-28 02:31:09 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-28 02:10:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-27 01:21:34 ----D---- C:\WINDOWS\Help
2008-11-24 15:16:25 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 05:40:05 ----D---- C:\WINDOWS\system32\config
2008-11-23 05:34:03 ----RASH---- C:\boot.ini
2008-11-23 05:28:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 a5xq9fij;a5xq9fij; C:\WINDOWS\system32\drivers\a5xq9fij.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-01 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-04 17:03:20

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cooking Dash (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Dash\Uninstall.exe"
Diner Dash Flo Through Time (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash Flo Through Time\Uninstall.exe"
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Flock (Photobucket Edition) 0.7-->C:\Program Files\Flock\uninst.exe
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Jojo’s Fashion Show 2 - Las Cruces (remove only)-->"C:\Program Files\Yahoo! Games\Jojo’s Fashion Show 2 - Las Cruces\Uninstall.exe"
LexarMedia ImageRescue Software-->MsiExec.exe /X{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton AntiVirus 2003 Professional Edition-->MsiExec.exe /I{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RAM Defrag-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\RAM Defrag V2.55\UNINSTAL.DAT
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO\irunin.ini
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
My most recent check came up clear, after I restarted and had it check upon loading, so should I post any logs?

Shaba
2008-12-05, 12:41
There are some bad files.

We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Download ResetTeaTimer.bat to the Desktop:
http://downloads.subratam.org/ResetTeaTimer.bat
Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer (and to prevent TeaTimer from restoring them upon reactivation).

Open Notepad and copy/paste the text in the codebox below into it:

File::
C:\WINDOWS\system32\aupnsu.dll
C:\WINDOWS\system32\iqjfqrbc.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-

Save this as "CFScript".

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happened, we want to know, and also which process you had to end.
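A helper reviewing a CFScript before it is dragged onto ComboFix may want to see exactly what it will touch. The following parser is an added example (not part of this thread and not ComboFix's own code); it assumes the two directives behave as the script above uses them: File:: lists paths to be removed, and Registry:: uses .reg syntax where a bracketed line opens a key and "Name"=- deletes that value. The sample input is the script the helper posted.

```python
"""Preview the actions in a ComboFix CFScript (added example, assumed semantics).

Assumptions (not confirmed by ComboFix documentation on this page):
  File::      one absolute path per line; each file is to be removed
  Registry::  .reg syntax: [Key] opens a key, "Name"=- deletes a value,
              "Name"=<data> sets a value under the currently open key
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Sample input: the CFScript from the helper's post above.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\aupnsu.dll
C:\WINDOWS\system32\iqjfqrbc.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
"""


@dataclass
class RegAction:
    key: str
    name: str
    action: str            # "delete" or "set"
    data: str | None = None


@dataclass
class Plan:
    files: list[str] = field(default_factory=list)
    registry: list[RegAction] = field(default_factory=list)
    unknown: list[str] = field(default_factory=list)   # lines we refuse to interpret


def parse_cfscript(text: str) -> Plan:
    """Walk the script line by line and collect the actions it would perform."""
    plan = Plan()
    section: str | None = None
    current_key: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header such as File:: or Registry::
            section = line[:-2].lower()
            current_key = None
            continue
        if section == "file":
            # Only absolute Windows paths are accepted; anything else is flagged.
            if len(line) > 2 and line[1] == ":" and line[2] == "\\":
                plan.files.append(line)
            else:
                plan.unknown.append(raw)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            elif current_key is not None and "=" in line:
                name, _, value = line.partition("=")
                name = name.strip().strip('"')
                value = value.strip()
                if value == "-":
                    plan.registry.append(RegAction(current_key, name, "delete"))
                else:
                    plan.registry.append(RegAction(current_key, name, "set", value))
            else:
                # A value line before any [Key], or an unrecognised directive.
                plan.unknown.append(raw)
        else:
            plan.unknown.append(raw)
    return plan


def describe(plan: Plan) -> list[str]:
    """Human-readable summary, one line per action, for review before running."""
    out = [f"remove file: {p}" for p in plan.files]
    for r in plan.registry:
        if r.action == "delete":
            out.append(f"delete value '{r.name}' under {r.key}")
        else:
            out.append(f"set value '{r.name}' = {r.data} under {r.key}")
    out += [f"NOT UNDERSTOOD: {u}" for u in plan.unknown]
    return out


if __name__ == "__main__":
    for line in describe(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(line)
```

Clearing AppInit_DLLs this way removes a load point that injects the listed DLLs into every process using user32.dll, which is why the script deletes both the files and the registry value that references them.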

N_Cobb
2008-12-06, 05:35
ComboFix 08-12-05.02 - Calvin D Stone 2008-12-05 22:30:29.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.251 [GMT -5:00]
Running from: c:\documents and settings\Calvin D Stone\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Calvin D Stone\Desktop\cfscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\aupnsu.dll
c:\windows\system32\iqjfqrbc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Calvin D Stone\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\aupnsu.dll
c:\windows\system32\iqjfqrbc.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-05 22:28 . 2008-12-05 22:28 <DIR> d-------- C:\32788R22FWJFW
2008-12-04 17:02 . 2008-12-04 17:03 <DIR> d-------- C:\rsit
2008-12-01 01:58 . 2008-12-01 02:00 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-01 01:58 . 2008-12-01 02:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 01:16 . 2008-12-01 01:16 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-30 01:47 . 2008-11-30 01:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-29 21:09 . 2001-03-28 09:38 69,632 --a------ c:\windows\system32\GkSui18.EXE
2008-11-28 02:10 . 2008-12-03 02:46 <DIR> d-------- c:\program files\NCSoft
2008-11-28 01:51 . 2008-11-28 02:00 <DIR> d-------- c:\documents and settings\Calvin D Stone\Application Data\GetRightToGo
2008-11-23 17:50 . 2008-11-24 16:39 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-23 17:50 . 2008-11-24 16:39 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 14:37 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 14:37 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 00:38 . 2008-12-04 17:02 <DIR> d-------- c:\program files\trend micro
2008-11-15 22:10 . 2008-11-15 22:10 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 22:03 . 2008-11-15 22:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\GetModule
2008-11-13 03:00 . 2008-11-13 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 23:29 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 23:29 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 21:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-01 06:36 --------- d-----w c:\program files\Norton AntiVirus
2008-12-01 06:16 --------- d-----w c:\program files\Java
2008-11-30 06:48 --------- d-----w c:\program files\HP
2008-11-29 06:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 07:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 10:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 08:05 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-16 08:04 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 08:02 --------- d-----w c:\program files\Yahoo! Games
2008-11-16 07:42 --------- d-----w c:\documents and settings\Calvin D Stone\Application Data\LimeWire
2008-11-05 01:14 --------- d-----w c:\program files\SpywareDetector
2008-11-04 19:39 --------- d-----w c:\program files\SpyHunter
2008-11-03 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 15:00 12,752 ----a-w c:\windows\system32\SDEarlyDelete.exe
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 14:14 921,600 ----a-w c:\windows\system32\CheckDll.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2007-05-06 23:12 32 --sha-w c:\windows\{61F619DA-22AC-4292-B9C2-AFDB35602C2A}.dat
2007-05-06 23:12 32 --sha-w c:\windows\system32\{B26B46C6-58DB-4524-BBB8-8751C8C59929}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

c:\documents and settings\Calvin D Stone\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-05-06 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"aux"= ctwdm32.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"60440:TCP"= 60440:TCP:*:Disabled:SolidNetworkManager
"60440:UDP"= 60440:UDP:*:Disabled:SolidNetworkManager

R0 sojubus;sojubus;c:\windows\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]
R2 NProtectService;Norton Unerase Protection;"c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE" [2007-05-06 135168]
S2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe []
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2008-12-06 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-12-05 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
- - - - ORPHANS REMOVED - - - -

BHO-{95428be1-00b3-4919-8e16-e38550ce7366} - (no file)
HKLM-Run-SDActiveMonitor - c:\program files\SpywareDetector\SDActiveMonitor.exe
HKLM-Run-SDAutoLiveupdate - c:\program files\SpywareDetector\LiveUpdateSD.exe
HKLM-Run-RAM_DEFRAG - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 22:34:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-05 22:35:49
ComboFix-quarantined-files.txt 2008-12-06 03:35:35

Pre-Run: 14,119,895,040 bytes free
Post-Run: 15,826,894,848 bytes free

160 --- E O F --- 2008-11-13 08:04:29

Logfile of random's system information tool 1.04 (written by random/random)
Run by Calvin D Stone at 2008-12-05 22:40:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (38%) free of 40 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:25 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Calvin D Stone\Desktop\RSIT.exe
C:\Program Files\trend micro\Calvin D Stone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7910 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"Advanced Tools Check"=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE [2002-08-26 79480]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-10 270648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-01 136600]
"nwiz"=nwiz.exe /install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Calvin D Stone\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"

======List of files/folders created in the last 1 months======

2008-12-05 22:35:51 ----A---- C:\ComboFix.txt
2008-12-05 22:29:03 ----A---- C:\WINDOWS\zip.exe
2008-12-05 22:29:03 ----A---- C:\WINDOWS\VFIND.exe
2008-12-05 22:29:03 ----A---- C:\WINDOWS\SWREG.exe
2008-12-05 22:29:03 ----A---- C:\WINDOWS\sed.exe
2008-12-05 22:29:03 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-05 22:29:03 ----A---- C:\WINDOWS\grep.exe
2008-12-05 22:29:03 ----A---- C:\WINDOWS\fdsv.exe
2008-12-05 22:29:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-05 22:29:02 ----A---- C:\WINDOWS\SWSC.exe
2008-12-05 22:28:47 ----D---- C:\Qoobox
2008-12-05 22:28:18 ----D---- C:\32788R22FWJFW
2008-12-04 17:02:44 ----D---- C:\rsit
2008-12-01 01:58:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-01 01:58:30 ----D---- C:\Program Files\SpywareBlaster
2008-12-01 01:50:08 ----SHD---- C:\Config.Msi
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\java.exe
2008-12-01 01:16:44 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-01 01:08:01 ----D---- C:\Program Files\Mozilla Firefox
2008-11-30 01:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-29 21:09:09 ----A---- C:\WINDOWS\system32\GkSui18.EXE
2008-11-28 13:45:14 ----D---- C:\WINDOWS\temp
2008-11-28 02:10:27 ----D---- C:\Program Files\NCSoft
2008-11-28 02:04:43 ----RSD---- C:\WINDOWS\assembly
2008-11-28 02:03:03 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-28 01:51:31 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\GetRightToGo
2008-11-23 05:34:03 ----A---- C:\Boot.bak
2008-11-23 05:33:47 ----RASHD---- C:\cmdcons
2008-11-23 05:30:55 ----D---- C:\WINDOWS\ERDNT
2008-11-22 14:37:15 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\Malwarebytes
2008-11-22 14:37:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 14:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 00:38:12 ----D---- C:\Program Files\trend micro
2008-11-15 23:11:30 ----A---- C:\WINDOWS\system32\6361d4d7-.txt
2008-11-13 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 03:00:28 ----D---- C:\Program Files\MSXML 4.0

======List of files/folders modified in the last 1 months======

2008-12-05 22:35:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-05 22:35:56 ----D---- C:\WINDOWS\system32
2008-12-05 22:35:54 ----SHD---- C:\RECYCLER
2008-12-05 22:35:54 ----D---- C:\WINDOWS
2008-12-05 22:34:27 ----A---- C:\WINDOWS\system.ini
2008-12-05 22:32:28 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 22:32:26 ----D---- C:\Program Files\Common Files
2008-12-05 22:32:25 ----D---- C:\WINDOWS\AppPatch
2008-12-05 22:29:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 22:28:59 ----D---- C:\WINDOWS\Prefetch
2008-12-04 16:59:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-04 16:59:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 01:58:30 ----RD---- C:\Program Files
2008-12-01 01:53:08 ----SHD---- C:\WINDOWS\Installer
2008-12-01 01:52:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-01 01:51:45 ----D---- C:\WINDOWS\WinSxS
2008-12-01 01:50:41 ----D---- C:\WINDOWS\system32\mui
2008-12-01 01:50:41 ----D---- C:\Program Files\Internet Explorer
2008-12-01 01:45:56 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-01 01:43:16 ----SHD---- C:\System Volume Information
2008-12-01 01:43:16 ----D---- C:\WINDOWS\system32\Restore
2008-12-01 01:36:47 ----D---- C:\Program Files\Norton AntiVirus
2008-12-01 01:16:14 ----D---- C:\Program Files\Java
2008-11-30 01:48:55 ----D---- C:\Program Files\HP
2008-11-29 18:04:09 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-29 01:01:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-28 03:11:39 ----HD---- C:\WINDOWS\inf
2008-11-28 02:31:09 ----SD---- C:\Documents and Settings\Calvin D Stone\Application Data\Microsoft
2008-11-28 02:10:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-27 01:21:34 ----D---- C:\WINDOWS\Help
2008-11-24 15:16:25 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 05:40:05 ----D---- C:\WINDOWS\system32\config
2008-11-23 05:34:03 ----RASH---- C:\boot.ini
2008-11-23 05:28:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-22 14:01:04 ----A---- C:\WINDOWS\win.ini
2008-11-16 03:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-16 03:04:59 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\PlayFirst
2008-11-16 03:02:42 ----D---- C:\Program Files\Yahoo! Games
2008-11-16 02:42:23 ----D---- C:\Documents and Settings\Calvin D Stone\Application Data\LimeWire
2008-11-15 22:10:10 ----D---- C:\Documents and Settings
2008-11-13 03:01:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:35 ----A---- C:\WINDOWS\imsins.BAK
2008-11-06 23:26:36 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080430.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 a5xq9fij;a5xq9fij; C:\WINDOWS\system32\drivers\a5xq9fij.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-01 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-10 501048]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 SDService;SDService; C:\Program Files\SpywareDetector\SDService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

No info file. What's the run command again?

N_Cobb
2008-12-06, 05:38
Nvm, here's the info.

info.txt logfile of random's system information tool 1.04 2008-12-05 22:43:57

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cooking Dash (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Dash\Uninstall.exe"
Diner Dash Flo Through Time (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash Flo Through Time\Uninstall.exe"
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
Flock (Photobucket Edition) 0.7-->C:\Program Files\Flock\uninst.exe
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Jojo’s Fashion Show 2 - Las Cruces (remove only)-->"C:\Program Files\Yahoo! Games\Jojo’s Fashion Show 2 - Las Cruces\Uninstall.exe"
LexarMedia ImageRescue Software-->MsiExec.exe /X{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton AntiVirus 2003 Professional Edition-->MsiExec.exe /I{F4C9398F-B6C6-4A4B-8B6D-795CD86F915D}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RAM Defrag-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\RAM Defrag V2.55\UNINSTAL.DAT
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Program Files\RescuePRO\irunin.ini
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! 工具列-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2008-12-06, 12:33
Delete this file:

C:\WINDOWS\system32\6361d4d7-.txt

Empty Recycle Bin.

Still problems?

N_Cobb
2008-12-07, 01:04
Nope, looks clear.

Shaba
2008-12-07, 12:15
Glad to hear :)

Please follow my earlier final cleanup instructions next.

Shaba
2008-12-09, 16:23
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Thank you Shaba-tashi