Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 38

Thread: Need help with possible virtumonde virus/trojan

  1. 2010-07-07, 01:03 #11
    eaglescout
    eaglescout is offline
    Junior Member
    Join Date
    Jul 2010
    Posts
    21

    Default resend rsit log.txt

    Logfile of random's system information tool 1.07 (written by random/random)
    Run by Owner at 2010-07-06 18:03:36
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 73 GB (67%) free of 109 GB
    Total RAM: 503 MB (31% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:03:53 PM, on 7/6/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
    C:\Program Files\SentryBay\sbupdate.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner.YOUR-E7D118DC12\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hughhewitt.townhall.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Secure Browse - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files\SentryBay\PhishLock\plbho.dll
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SanaSafeConnectAgent - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe
    O23 - Service: SanaSafeConnectWatcher - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
    O23 - Service: SentryBay Update Service (sbupdate) - SentryBay - C:\Program Files\SentryBay\sbupdate.exe

    --
    End of file - 6186 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\EasyShare Registration Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-30 304736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-04 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff507020-a257-4527-a222-b6f5732e55ee}]
    Secure Browse - C:\Program Files\SentryBay\PhishLock\plbho.dll [2009-03-08 209208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2C0A5F28-48D8-408B-9172-9C6121025BCE}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
    "Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-02 2403568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\08288056785047268639960369600591]
    C:\Program Files\A360\av360.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    NA []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
    C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
    C:\Program Files\Suze Orman\Identity Theft Kit\agent\bin\SanaSafeConnect.exe [2007-10-18 1731096]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smifasic]
    C:\WINDOWS\azumagabobituyi.dll,Startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
    C:\PROGRA~1\SIFXINST\SIFXINST.EXE /ApplyPending []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

    C:\Documents and Settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
    shell\dinstall\command - E:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105fed0f-7bd7-11db-a61a-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14b1e81-7a86-11db-b123-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


    ======List of files/folders created in the last 1 months======

    2010-07-06 18:03:37 ----D---- C:\Program Files\trend micro
    2010-07-06 18:03:36 ----D---- C:\rsit
    2010-07-05 23:05:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
    2010-07-05 22:56:48 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
    2010-07-05 22:56:32 ----D---- C:\Program Files\K-Meleon
    2010-07-05 14:36:52 ----D---- C:\Program Files\ERUNT
    2010-07-03 14:08:34 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\tor
    2010-07-03 13:35:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
    2010-07-02 14:52:17 ----D---- C:\Program Files\Panda Security
    2010-07-02 14:38:20 ----D---- C:\Program Files\ESET
    2010-07-02 13:59:19 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
    2010-07-02 13:57:56 ----D---- C:\Program Files\Auslogics
    2010-07-02 13:27:22 ----D---- C:\Program Files\CCleaner
    2010-07-02 13:26:34 ----D---- C:\Program Files\ToniArts
    2010-07-02 00:13:06 ----D---- C:\WINDOWS\ERDNT
    2010-07-02 00:11:16 ----A---- C:\erunt-setup(2).exe
    2010-06-08 23:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
    2010-06-08 23:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
    2010-06-08 23:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
    2010-06-08 23:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
    2010-06-08 22:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
    2010-06-08 22:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
    2010-06-08 22:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
    2010-06-08 22:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$

    ======List of files/folders modified in the last 1 months======

    2010-07-06 18:03:44 ----D---- C:\WINDOWS\Prefetch
    2010-07-06 18:03:37 ----D---- C:\Program Files
    2010-07-06 17:24:21 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-06 16:14:35 ----D---- C:\WINDOWS\Help
    2010-07-06 15:46:41 ----D---- C:\WINDOWS\Temp
    2010-07-06 15:46:41 ----D---- C:\WINDOWS\system32\ias
    2010-07-06 15:46:29 ----D---- C:\WINDOWS\Registration
    2010-07-06 15:46:20 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-07-06 15:46:15 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
    2010-07-06 15:45:40 ----D---- C:\WINDOWS
    2010-07-06 08:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-07-05 23:18:44 ----D---- C:\WINDOWS\system32\drivers
    2010-07-05 18:03:00 ----SHD---- C:\WINDOWS\Installer
    2010-07-05 18:02:59 ----SHD---- C:\Config.Msi
    2010-07-05 16:25:46 ----ASH---- C:\boot.ini
    2010-07-05 16:25:46 ----A---- C:\WINDOWS\win.ini
    2010-07-05 16:25:46 ----A---- C:\WINDOWS\system.ini
    2010-07-05 14:26:54 ----D---- C:\WINDOWS\system32\appmgmt
    2010-07-05 14:25:05 ----SHD---- C:\RECYCLER
    2010-07-03 08:49:39 ----SHD---- C:\System Volume Information
    2010-07-03 08:49:39 ----D---- C:\WINDOWS\system32\Restore
    2010-07-03 08:38:54 ----D---- C:\WINDOWS\Debug
    2010-07-03 08:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-02 23:35:53 ----D---- C:\Program Files\Common Files
    2010-07-02 14:52:58 ----HD---- C:\WINDOWS\inf
    2010-07-02 13:55:32 ----D---- C:\Program Files\SUPERAntiSpyware
    2010-07-02 13:34:25 ----D---- C:\WINDOWS\Minidump
    2010-07-02 13:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-07-02 04:11:49 ----RSD---- C:\WINDOWS\assembly
    2010-07-02 04:11:32 ----D---- C:\WINDOWS\Microsoft.NET
    2010-07-02 04:07:38 ----D---- C:\WINDOWS\system32
    2010-07-02 04:06:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-07-02 04:05:57 ----D---- C:\WINDOWS\WinSxS
    2010-06-19 14:56:19 ----A---- C:\WINDOWS\LEXSTAT.INI
    2010-06-15 23:07:50 ----A---- C:\WINDOWS\Sfc3ng.ini
    2010-06-10 16:14:27 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Identities
    2010-06-08 23:06:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-06-08 23:04:34 ----HD---- C:\WINDOWS\$hf_mig$
    2010-06-08 22:42:19 ----D---- C:\Program Files\Internet Explorer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-19 3965056]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
    R3 SanaSafeConnectDriver;SanaSafeConnectDriver; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys []
    R3 SanaSafeConnectFilter;SanaSafeConnectFilter; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys []
    R3 SanaSafeConnectShim;SanaSafeConnectShim; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-22 20480]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
    S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
    S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
    S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 uxtdapow;uxtdapow; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\uxtdapow.sys []
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-04 153376]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
    R2 sbupdate;SentryBay Update Service; C:\Program Files\SentryBay\sbupdate.exe [2009-03-08 41272]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S2 SanaSafeConnectAgent;SanaSafeConnectAgent; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [2007-10-18 5218328]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
  2. 2010-07-07, 01:06 #12
    eaglescout
    eaglescout is offline
    Junior Member
    Join Date
    Jul 2010
    Posts
    21

    Default resend rsit log.txt

    I may have made a mistake and posted this as a new thread instead of a reply...

    Here is a resend of log.txt...I will need to step away for a couple of hours, but I'll be back...thanks again...

    Logfile of random's system information tool 1.07 (written by random/random)
    Run by Owner at 2010-07-06 18:03:36
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 73 GB (67%) free of 109 GB
    Total RAM: 503 MB (31% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:03:53 PM, on 7/6/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
    C:\Program Files\SentryBay\sbupdate.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner.YOUR-E7D118DC12\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hughhewitt.townhall.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Secure Browse - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files\SentryBay\PhishLock\plbho.dll
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SanaSafeConnectAgent - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe
    O23 - Service: SanaSafeConnectWatcher - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
    O23 - Service: SentryBay Update Service (sbupdate) - SentryBay - C:\Program Files\SentryBay\sbupdate.exe

    --
    End of file - 6186 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\EasyShare Registration Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-30 304736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-04 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff507020-a257-4527-a222-b6f5732e55ee}]
    Secure Browse - C:\Program Files\SentryBay\PhishLock\plbho.dll [2009-03-08 209208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2C0A5F28-48D8-408B-9172-9C6121025BCE}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
    "Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-02 2403568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\08288056785047268639960369600591]
    C:\Program Files\A360\av360.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    NA []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
    C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
    C:\Program Files\Suze Orman\Identity Theft Kit\agent\bin\SanaSafeConnect.exe [2007-10-18 1731096]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smifasic]
    C:\WINDOWS\azumagabobituyi.dll,Startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
    C:\PROGRA~1\SIFXINST\SIFXINST.EXE /ApplyPending []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

    C:\Documents and Settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
    shell\dinstall\command - E:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105fed0f-7bd7-11db-a61a-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14b1e81-7a86-11db-b123-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


    ======List of files/folders created in the last 1 months======

    2010-07-06 18:03:37 ----D---- C:\Program Files\trend micro
    2010-07-06 18:03:36 ----D---- C:\rsit
    2010-07-05 23:05:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
    2010-07-05 22:56:48 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
    2010-07-05 22:56:32 ----D---- C:\Program Files\K-Meleon
    2010-07-05 14:36:52 ----D---- C:\Program Files\ERUNT
    2010-07-03 14:08:34 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\tor
    2010-07-03 13:35:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
    2010-07-02 14:52:17 ----D---- C:\Program Files\Panda Security
    2010-07-02 14:38:20 ----D---- C:\Program Files\ESET
    2010-07-02 13:59:19 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
    2010-07-02 13:57:56 ----D---- C:\Program Files\Auslogics
    2010-07-02 13:27:22 ----D---- C:\Program Files\CCleaner
    2010-07-02 13:26:34 ----D---- C:\Program Files\ToniArts
    2010-07-02 00:13:06 ----D---- C:\WINDOWS\ERDNT
    2010-07-02 00:11:16 ----A---- C:\erunt-setup(2).exe
    2010-06-08 23:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
    2010-06-08 23:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
    2010-06-08 23:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
    2010-06-08 23:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
    2010-06-08 22:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
    2010-06-08 22:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
    2010-06-08 22:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
    2010-06-08 22:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$

    ======List of files/folders modified in the last 1 months======

    2010-07-06 18:03:44 ----D---- C:\WINDOWS\Prefetch
    2010-07-06 18:03:37 ----D---- C:\Program Files
    2010-07-06 17:24:21 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-06 16:14:35 ----D---- C:\WINDOWS\Help
    2010-07-06 15:46:41 ----D---- C:\WINDOWS\Temp
    2010-07-06 15:46:41 ----D---- C:\WINDOWS\system32\ias
    2010-07-06 15:46:29 ----D---- C:\WINDOWS\Registration
    2010-07-06 15:46:20 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-07-06 15:46:15 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
    2010-07-06 15:45:40 ----D---- C:\WINDOWS
    2010-07-06 08:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-07-05 23:18:44 ----D---- C:\WINDOWS\system32\drivers
    2010-07-05 18:03:00 ----SHD---- C:\WINDOWS\Installer
    2010-07-05 18:02:59 ----SHD---- C:\Config.Msi
    2010-07-05 16:25:46 ----ASH---- C:\boot.ini
    2010-07-05 16:25:46 ----A---- C:\WINDOWS\win.ini
    2010-07-05 16:25:46 ----A---- C:\WINDOWS\system.ini
    2010-07-05 14:26:54 ----D---- C:\WINDOWS\system32\appmgmt
    2010-07-05 14:25:05 ----SHD---- C:\RECYCLER
    2010-07-03 08:49:39 ----SHD---- C:\System Volume Information
    2010-07-03 08:49:39 ----D---- C:\WINDOWS\system32\Restore
    2010-07-03 08:38:54 ----D---- C:\WINDOWS\Debug
    2010-07-03 08:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-02 23:35:53 ----D---- C:\Program Files\Common Files
    2010-07-02 14:52:58 ----HD---- C:\WINDOWS\inf
    2010-07-02 13:55:32 ----D---- C:\Program Files\SUPERAntiSpyware
    2010-07-02 13:34:25 ----D---- C:\WINDOWS\Minidump
    2010-07-02 13:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-07-02 04:11:49 ----RSD---- C:\WINDOWS\assembly
    2010-07-02 04:11:32 ----D---- C:\WINDOWS\Microsoft.NET
    2010-07-02 04:07:38 ----D---- C:\WINDOWS\system32
    2010-07-02 04:06:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-07-02 04:05:57 ----D---- C:\WINDOWS\WinSxS
    2010-06-19 14:56:19 ----A---- C:\WINDOWS\LEXSTAT.INI
    2010-06-15 23:07:50 ----A---- C:\WINDOWS\Sfc3ng.ini
    2010-06-10 16:14:27 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Identities
    2010-06-08 23:06:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-06-08 23:04:34 ----HD---- C:\WINDOWS\$hf_mig$
    2010-06-08 22:42:19 ----D---- C:\Program Files\Internet Explorer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-19 3965056]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
    R3 SanaSafeConnectDriver;SanaSafeConnectDriver; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys []
    R3 SanaSafeConnectFilter;SanaSafeConnectFilter; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys []
    R3 SanaSafeConnectShim;SanaSafeConnectShim; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-22 20480]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
    S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
    S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
    S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 uxtdapow;uxtdapow; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\uxtdapow.sys []
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-04 153376]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
    R2 sbupdate;SentryBay Update Service; C:\Program Files\SentryBay\sbupdate.exe [2009-03-08 41272]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S2 SanaSafeConnectAgent;SanaSafeConnectAgent; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [2007-10-18 5218328]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
  3. 2010-07-07, 01:46 #13
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Thats better , thank you, I am looking it over now
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  4. 2010-07-07, 01:55 #14
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    It looks like your running Avira AV and may have had McAfee at one time, but McAfee is still trying to run on start up, can you clear this up for me .

    Also, your Operating System and your Internet Explorer browser are very outdated leaving holes in your system to let this garbage in, but dont fix that yet, your system needs to be clean before we do any updating.



    Your infected with a rogue program, lets do this

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  5. 2010-07-07, 05:25 #15
    eaglescout
    eaglescout is offline
    Junior Member
    Join Date
    Jul 2010
    Posts
    21

    Default combofix log

    Okay, here is the combofix log...

    ComboFix 10-07-06.02 - Owner 07/06/2010 23:07:01.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.128 [GMT -4:00]
    Running from: c:\documents and settings\Owner.YOUR-E7D118DC12\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}
    c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\chrome.manifest
    c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\chrome\content\_cfg.js
    c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\chrome\content\overlay.xul
    c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\install.rdf
    c:\windows\system32\system
    c:\windows\system32\Thumbs.db
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
    .

    2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- c:\program files\trend micro
    2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- C:\rsit
    2010-07-06 03:05 . 2010-07-06 03:13 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
    2010-07-06 02:57 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\K-Meleon
    2010-07-06 02:56 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
    2010-07-06 02:56 . 2010-07-06 02:56 -------- d-----w- c:\program files\K-Meleon
    2010-07-05 18:36 . 2010-07-05 18:36 -------- d-----w- c:\program files\ERUNT
    2010-07-03 18:08 . 2010-07-03 18:36 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\tor
    2010-07-03 17:35 . 2010-07-03 18:09 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
    2010-07-02 19:48 . 2010-07-02 19:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-02 19:48 . 2010-07-02 19:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
    2010-07-02 19:47 . 2010-07-02 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-07-02 18:53 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-07-02 18:52 . 2010-07-02 18:52 -------- d-----w- c:\program files\Panda Security
    2010-07-02 18:38 . 2010-07-02 18:38 -------- d-----w- c:\program files\ESET
    2010-07-02 17:59 . 2010-07-02 17:59 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
    2010-07-02 17:57 . 2010-07-02 17:57 -------- d-----w- c:\program files\Auslogics
    2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\program files\CCleaner
    2010-07-02 17:26 . 2010-07-02 17:26 -------- d-----w- c:\program files\ToniArts
    2010-07-02 17:18 . 2010-07-02 17:18 63488 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-02 04:11 . 2010-07-02 04:11 791393 ----a-w- C:\erunt-setup(2).exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-07 02:58 . 2009-12-25 17:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-06 19:45 . 2009-05-11 01:56 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-07-03 15:54 . 2009-09-05 03:02 1 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-07-03 12:36 . 2010-05-19 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-02 17:26 . 2006-11-23 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-02 17:18 . 2009-12-25 17:27 117760 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-04 20:13 . 2009-02-17 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-30 21:33 . 2010-05-30 21:33 127 ----a-w- c:\documents and settings\Boss\Local Settings\Application Data\fusioncache.dat
    2010-05-26 02:24 . 2010-05-22 02:30 117760 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-25 00:38 . 2010-05-25 00:38 -------- d-----w- c:\program files\Photo Story 3 for Windows
    2010-05-23 13:18 . 2010-05-19 23:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-22 02:30 . 2010-05-22 02:30 63488 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-22 02:30 . 2010-05-22 02:30 52224 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-22 02:29 . 2010-05-22 02:29 -------- d-----w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com
    2010-05-22 01:06 . 2010-05-22 01:06 -------- d-----w- c:\documents and settings\Boss\Application Data\Malwarebytes
    2010-05-21 00:20 . 2007-01-20 19:26 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Apple Computer
    2010-05-21 00:17 . 2007-07-03 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-05-20 00:11 . 2010-05-20 00:11 -------- d-----w- c:\documents and settings\Boss\Application Data\Avira
    2010-05-18 15:23 . 2010-05-18 15:23 -------- d-----w- c:\documents and settings\Boss\Application Data\Skinux
    2010-05-18 15:23 . 2010-05-18 15:22 -------- d-----w- c:\documents and settings\Boss\Application Data\ArcSoft
    2010-05-18 00:29 . 2006-12-29 22:27 40416 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-17 02:52 . 2010-05-17 02:52 63488 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-17 02:52 . 2010-05-17 02:52 52224 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-17 02:52 . 2010-05-17 02:52 117760 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-17 02:52 . 2010-05-17 02:52 -------- d-----w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com
    2010-05-14 21:57 . 2010-05-14 21:57 -------- d-----w- c:\documents and settings\Donna\Application Data\Avira
    2010-05-14 21:57 . 2010-05-14 21:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Avira
    2010-05-14 21:57 . 2010-05-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-05-14 21:47 . 2010-05-14 21:53 343906 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
    2010-05-14 21:33 . 2010-04-03 11:30 439816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Real\Update\setup3.10\setup.exe
    2010-05-14 01:38 . 2010-05-14 01:38 -------- d-----w- c:\documents and settings\Donna\Application Data\Malwarebytes
    2010-05-14 00:16 . 2010-05-14 00:16 -------- d-----w- c:\documents and settings\Donna\Application Data\Apple Computer
    2010-05-14 00:16 . 2010-05-14 00:12 40416 ----a-w- c:\documents and settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-14 00:13 . 2006-11-23 00:19 -------- d-----w- c:\program files\Google
    2010-05-14 00:13 . 2010-05-14 00:12 -------- d-----w- c:\documents and settings\Donna\Application Data\ArcSoft
    2010-05-14 00:13 . 2010-05-14 00:13 -------- d-----w- c:\documents and settings\Donna\Application Data\Skinux
    2010-05-05 22:04 . 2010-01-10 01:22 0 ----a-w- c:\windows\Ysizesux.bin
    2010-05-02 14:29 . 2010-05-02 14:29 54016 ----a-w- c:\windows\system32\drivers\mgvpbuw.sys
    2010-05-02 05:56 . 2006-06-17 09:23 1850880 ----a-w- c:\windows\system32\win32k.sys
    2010-05-01 12:06 . 2010-01-10 01:22 120 ----a-w- c:\windows\Qnaxejadazay.dat
    2010-04-29 19:39 . 2009-12-24 15:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-12-24 15:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-24 15:23 . 2007-02-23 15:57 2816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\wklnhst.dat
    2010-04-20 05:51 . 2006-06-17 09:23 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-17 19:11 . 2008-11-04 17:32 36124 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-04-16 15:20 . 2006-06-17 09:23 668672 ----a-w- c:\windows\system32\wininet.dll
    2010-04-16 15:20 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-04-15 04:28 . 2006-06-19 04:25 40416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-02 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]

    c:\documents and settings\Boss\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk.disabled [2010-7-2 783]

    c:\documents and settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
    backup=c:\windows\pss\Install Pending Files.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    NA [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-10 19:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-08-06 03:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2006-03-23 05:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-03-23 05:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2006-03-23 05:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
    2002-10-14 20:09 57344 ------w- c:\program files\Lexmark X74-X75\lxbbbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2006-11-07 19:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
    2005-12-10 02:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
    2007-10-18 23:23 1731096 ----a-r- c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2006-03-02 00:22 577536 ----a-w- c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-05 23:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/2/2010 2:53 PM 28552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/25/2009 1:19 PM 135336]
    R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [10/18/2007 7:23 PM 547352]
    R2 sbupdate;SentryBay Update Service;c:\program files\SentryBay\sbupdate.exe [3/8/2009 5:30 PM 41272]
    R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys [10/18/2007 7:24 PM 160280]
    R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys [10/18/2007 7:24 PM 30232]
    R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys [10/18/2007 7:24 PM 27312]
    S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [10/18/2007 7:23 PM 5218328]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - uxtdapow
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://hughhewitt.townhall.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    FF - ProfilePath - c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Mozilla\Firefox\Profiles\2rtg5gsv.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://hotair.com/
    FF - component: c:\program files\SentryBay\PhishLock\ffext\components\plext.dll
    FF - component: c:\program files\SentryBay\Secure Browse\toolbar\ffext\components\registrationkey.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-WgaLogon - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-08288056785047268639960369600591 - c:\program files\A360\av360.exe
    MSConfigStartUp-CamMonitor - c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe
    MSConfigStartUp-Smifasic - c:\windows\azumagabobituyi.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-06 23:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-07-06 23:20:59
    ComboFix-quarantined-files.txt 2010-07-07 03:20

    Pre-Run: 76,104,769,536 bytes free
    Post-Run: 76,498,042,880 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP MCE" /noexecute=optin /fastdetect

    - - End Of File - - 99313ABB0424FF72300F65BB3BD0E621
  6. 2010-07-07, 05:31 #16
    eaglescout
    eaglescout is offline
    Junior Member
    Join Date
    Jul 2010
    Posts
    21

    Default

    [QUOTE=ken545;376673]Hi,

    It looks like your running Avira AV and may have had McAfee at one time, but McAfee is still trying to run on start up, can you clear this up for me .


    This pc has a McAfee security suite offered by the ISP...obviously, it did not do it's job with this infection, so the owner tried to work with McAfee to disinfect, but they were of no help. So the owner disabled McAfee, and installed some other anti-malware, ie Spybot, MBAM, and Avira...all detected some malware, but were not able to completely clean it.




    Also, your Operating System and your Internet Explorer browser are very outdated leaving holes in your system to let this garbage in, but dont fix that yet, your system needs to be clean before we do any updating.

    I am using FF 3.5, as does the owner, but I can tell that someone has/is using IE as well.

    Hope this helps...
  7. 2010-07-07, 10:43 #17
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking a lot better.

    You need to go to the add remove programs in the control panel and uninstall Avira, having more than one AV is overkill and can hamper system performance, then re enable McAfee. I suspect because your system is so outdated is why this garbage snuck in, McAfee blocks viruses and this was malware not a virus.

    You need to enable windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again


    c:\windows\system32\drivers\mgvpbuw.sys <--This file

    If the site is busy you can try this one

    http://virusscan.jotti.org/en
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  8. 2010-07-07, 15:32 #18
    eaglescout
    eaglescout is offline
    Junior Member
    Join Date
    Jul 2010
    Posts
    21

    Default avira uninstalled

    Okay,
    Uninstalled Avira.
    Submitted the file to VirusTotal, four of the scanners showed it as a trojan or high-risk malware.

    Here is the link...

    http://www.virustotal.com/analisis/3...516-1278509110


    Also, what do you mean when you say that the system is outdated...just old, or not updated?
  9. 2010-07-07, 18:27 #19
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    HI,

    Your running Windows XP Professional SP2, you need to use windows updates and install SP3 ( Service Pack 3 ) .

    Your also using Internet Explorer 6 which is very insecure, you need to upgrade to Internet Explorer 8


    Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::


    Code:
    File::
c:\windows\system32\drivers\mgvpbuw.sys

Driver::
mgvpbuw
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  10. 2010-07-07, 19:28 #20
    eaglescout
    eaglescout is offline
    Junior Member
    Join Date
    Jul 2010
    Posts
    21

    Default getting prompted for combofix update

    After dropping cfscript.txt onto combofix.exe, I get a message saying

    "there's a newer version of ComboFix available. Would you like to update Combofix? Yes of No.

    Should I update?
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules