Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

trojan.vundo!gen P

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

trojan.vundo!gen P

Unread postby madness » September 1st, 2008, 7:57 pm

HELP PLEASE!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:29 PM, on 9/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Random\winlogon.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C85BD9F1-5B95-46DA-9F39-979DB6B58484} - C:\Windows\system32\wvUmnKec.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUmnKec.dll,#1
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Random\winlogon.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll,c
O4 - HKCU\..\Run: [lphc9qtj0egbf] C:\Windows\system32\lphc9qtj0egbf.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Random\AppData\Local\Temp\xxyvsTjI.dll,#1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BM1d8b4aa6] Rundll32.exe "C:\Users\Random\AppData\Local\Temp\epspaqrp.dll",s
O4 - HKCU\..\Run: [1eb8793a] rundll32.exe "C:\Users\Random\AppData\Local\Temp\vhyxrckf.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [Host Process] C:\Users\boyers\svchost.exe (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [MSServer] rundll32.exe C:\Users\boyers\AppData\Local\Temp\yayYSKcy.dll,#1 (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [cmds] rundll32.exe C:\Users\boyers\AppData\Local\Temp\yayXoolJ.dll,c (User 'boyers')
O4 - HKUS\S-1-5-21-758419423-813517563-877775584-1000\..\Run: [1eb8793a] rundll32.exe "C:\Users\boyers\AppData\Local\Temp\gofcewdx.dll",a (User 'boyers')
O4 - S-1-5-21-758419423-813517563-877775584-1000 Startup: My_AutoWarkey_Script.lnk = C:\Users\boyers\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe (User 'boyers')
O4 - S-1-5-21-758419423-813517563-877775584-1000 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'boyers')
O4 - S-1-5-21-758419423-813517563-877775584-1000 User Startup: My_AutoWarkey_Script.lnk = C:\Users\boyers\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe (User 'boyers')
O4 - S-1-5-21-758419423-813517563-877775584-1000 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'boyers')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4129B5DC-99F9-495A-8760-E0646DEAD679}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13863 bytes
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm
Advertisement
Register to Remove

Re: trojan.vundo!gen P

Unread postby Shaba » September 4th, 2008, 3:53 am

Hi madness

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Post:

- mbam log
- rsit logs (taken after mbam run)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: trojan.vundo!gen P

Unread postby madness » September 5th, 2008, 10:23 am

Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 6.0.6000

9/5/2008 7:03:47 AM
mbam-log-2008-09-05 (07-03-47).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 242223
Time elapsed: 4 hour(s), 47 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 52

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\wvUmnKec.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Applicationedc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1d8b4aa6 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1eb8793a (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc9qtj0egbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\wvUmnKec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\boyers\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\boyers\AppData\Local\Temp\yayYSKcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RRLEP1E\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RRLEP1E\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RRLEP1E\kb65666[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ERJ8V88\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ERJ8V88\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\ddCTnMGV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\dxwlxdac.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\geBtSIyX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\nnnMeDwV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\ohxahsmq.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tjlrtgbj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\xxyyYoOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\yayxvWNd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\yekxjijt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\bYooMecY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\cbXRLbYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\awtqNDUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\jdsktdnd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\jrtmtemc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\pmnmkkIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\rcplachd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\rqRHwXQK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\rqRkifEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\vfgnqawd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\vtUomlii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\opnlKaYS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00012319 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00019617 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00021f81 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0003fe2c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0004a459 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0005c0ce (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0005eee0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00086824 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp000a77cd (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp008cbc5e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00a5fae4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00a8c776 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp024dbe3b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\goguilwh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\hgGYPGyW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\idojsgma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnkhebX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\boyers\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Random\AppData\Local\Temp\lnlgxyrw.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll (Malware.Trace) -> Delete on reboot.


Logfile of random's system information tool (written by random/random)
Run by Random at 2008-09-05 07:16:43
Microsoft® Windows Vista™ Home Premium
System drive C: has 298 GB (80%) free of 373 GB
Total RAM: 2942 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:20 AM, on 9/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Random\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Random.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll,c
O4 - HKCU\..\Run: [BM1d8b4aa6] Rundll32.exe "C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4129B5DC-99F9-495A-8760-E0646DEAD679}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11746 bytes

Scheduled tasks folder

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Ian.job
C:\Windows\tasks\User_Feed_Synchronization-{A5E1E1A6-CF71-43E7-B1C3-7F98D3DD1B94}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-11 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-11 607888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-06-09 1006264]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
""= []
"SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-25 185896]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-06 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-06 81920]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"MSConfig"=C:\Windows\System32\msconfig.exe [2006-11-02 222208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-02 1244848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-03-12 1773568]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"cmds"=C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll []
"BM1d8b4aa6"=C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll []
"MSServer"=C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRSRun]
C:\Program Files\NCH Swift Sound\VRS\vrs.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^boyers^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warkeys Update.lnk]
C:\Program Files\Warkeys\update\Warkeys Update.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe

C:\Users\Random\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bb0612b-fa1e-11db-84bd-806e6f6e6963}]
shell\AutoRun\command - E:\Installer.exe


File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-05 07:16:43 ----D---- C:\rsit
2008-09-05 07:05:53 ----D---- C:\Avenger
2008-09-05 07:05:53 ----A---- C:\avenger.txt
2008-09-04 20:41:22 ----D---- C:\Users\Random\AppData\Roaming\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\ProgramData\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 19:12:48 ----D---- C:\ie-spyad_zo
2008-09-03 18:34:58 ----D---- C:\Program Files\SpywareBlaster
2008-09-02 20:06:26 ----D---- C:\Program Files\Panda Security
2008-09-02 19:57:04 ----D---- C:\Users\Random\AppData\Roaming\NCH Swift Sound
2008-09-01 18:28:28 ----D---- C:\Program Files\a-squared Free
2008-09-01 13:48:17 ----D---- C:\Program Files\Trend Micro
2008-08-31 20:51:18 ----D---- C:\Program Files\MSN Messenger
2008-08-27 22:25:16----A----C:\ProgramData\pskt.ini
2008-08-27 22:25:16----A----C:\ProgramData\BM1d8b4aa6.txt
2008-08-27 19:18:56 ----D---- C:\Windows\system32\eMaxt02
2008-08-27 19:18:56 ----D---- C:\Temp
2008-08-23 18:35:15 ----D---- C:\Users\Random\AppData\Roaming\WildTangent
2008-08-22 18:23:00 ----D---- C:\Program Files\Apple Software Update
2008-08-22 18:21:47 ----D---- C:\Program Files\iPod
2008-08-22 18:21:42 ----D---- C:\Program Files\iTunes
2008-08-22 18:20:19 ----D---- C:\Program Files\Bonjour
2008-08-22 18:18:38 ----D---- C:\Program Files\QuickTime
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wups2.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wucltux.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wups.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wudriver.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wuapi.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuapp.exe
2008-08-13 03:03:27 ----A---- C:\Windows\system32\tzres.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\winipsec.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\polstore.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-12 23:44:06 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-12 23:44:02 ----A---- C:\Windows\system32\es.dll
2008-08-12 23:43:53 ----A---- C:\Windows\system32\mshtml.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\wininet.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\urlmon.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\mshtmled.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\ieframe.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\mstime.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieui.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iesetup.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iernonce.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieapfltr.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ie4uinit.exe
2008-08-12 23:43:51 ----A---- C:\Windows\system32\dxtrans.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\advpack.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\ieUnatt.exe
2008-08-12 23:43:50 ----A---- C:\Windows\system32\icardie.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\dxtmsft.dll
2008-08-12 23:43:49 ----A---- C:\Windows\system32\pngfilt.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\INETRES.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-11 13:54:12 ----D---- C:\Program Files\Bodog Poker
2008-08-10 17:55:12 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-09 12:31:02 ----D---- C:\ProgramData\PlayersOnly Poker
2008-08-07 20:04:31 ----D---- C:\Users\Random\AppData\Roaming\InstallShield Installation Information
2008-08-07 19:51:00 ----D---- C:\Users\Random\AppData\Roaming\Full Tilt Poker
2008-08-07 19:31:10 ----AD---- C:\Program Files\PlayersOnly Poker
2008-08-07 19:18:09 ----D---- C:\Users\Random\AppData\Roaming\Microgaming
2008-07-29 13:30:04 ----D---- C:\Users\Random\AppData\Roaming\Template
2008-07-24 17:08:49 ----D---- C:\downloads
2008-07-24 17:08:37 ----D---- C:\Program Files\Free Music Zilla
2008-07-23 20:36:55 ----D---- C:\Users\Random\AppData\Roaming\vlc
2008-07-21 07:05:50 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-21 07:05:48 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-21 07:05:39 ----A---- C:\Windows\system32\NlsData0009.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000c.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000a.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0027.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData000d.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0001.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0011.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0007.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData003e.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData002a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0024.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0022.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0021.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData001a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0018.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData000f.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0002.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0816.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData001d.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0019.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0010.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0049.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0039.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0020.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0013.dll
2008-07-21 07:05:31 ----A---- C:\Windows\system32\NlsData0416.dll
2008-07-21 07:05:30 ----A---- C:\Windows\system32\NlsData0414.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004c.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004a.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData0047.dll
2008-07-21 07:05:27 ----A---- C:\Windows\system32\NlsData081a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0046.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0045.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData001b.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0000.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004e.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004b.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0026.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0003.dll
2008-07-21 07:05:11 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-07-21 07:05:10 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-07-21 07:05:08 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-07-16 18:49:25 ----D---- C:\Users\Random\AppData\Roaming\LimeWire
2008-07-14 14:44:29 ----D---- C:\Users\Random\AppData\Roaming\WinRAR
2008-07-14 02:13:48 ----D---- C:\Users\Random\AppData\Roaming\Ventrilo
2008-07-11 22:20:51 ----D---- C:\Users\Random\AppData\Roaming\acccore
2008-07-09 03:58:23 ----A---- C:\Windows\system32\shell32.dll
2008-07-08 20:15:29 ----D---- C:\Users\Random\AppData\Roaming\Apple Computer
2008-07-08 10:47:25 ----D---- C:\Users\Random\AppData\Roaming\Microsoft Games
2008-07-07 13:26:06 ----D---- C:\Program Files\Mixxx
2008-07-07 10:38:43 ----D---- C:\Program Files\UltraMixer
2008-07-07 09:16:10 ----D---- C:\Program Files\att-aace
2008-07-07 09:16:00 ----D---- C:\ProgramData\Motive
2008-07-07 09:15:53 ----D---- C:\Program Files\Common Files\Motive
2008-07-07 09:15:47 ----D---- C:\Program Files\ATT
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Macromedia
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Adobe
2008-07-03 10:40:37 ----D---- C:\Users\Random\AppData\Roaming\Hewlett-Packard
2008-07-03 02:33:57 ----D---- C:\Users\Random\AppData\Roaming\Mozilla
2008-07-03 02:15:24 ----D---- C:\Users\Random\AppData\Roaming\Snapfish
2008-07-03 02:15:22 ----D---- C:\Users\Random\AppData\Roaming\Real
2008-07-03 02:14:59 ----D---- C:\Users\Random\AppData\Roaming\Identities
2008-07-03 02:14:32 ----SD---- C:\Users\Random\AppData\Roaming\Microsoft
2008-07-03 02:14:32 ----D---- C:\Users\Random\AppData\Roaming\Media Center Programs
2008-07-02 21:16:51 ----D---- C:\Program Files\PokerStars
2008-06-20 12:34:31 ----D---- C:\Shared
2008-06-19 11:54:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-06-19 11:54:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-06-16 10:25:09 ----D---- C:\Program Files\NCSoft
2008-06-15 16:21:31 ----A---- C:\Windows\system32\7100.bat
2008-06-15 15:48:48 ----A---- C:\Windows\system32\8225.bat
2008-06-14 03:31:20 ----A---- C:\Windows\system32\EncDec.dll
2008-06-14 03:31:18 ----A---- C:\Windows\system32\psisdecd.dll
2008-06-14 03:31:17 ----A---- C:\Windows\system32\mcmde.dll
2008-06-13 23:32:49 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-13 23:32:33 ----D---- C:\Program Files\VideoLAN
2008-06-13 23:32:31 ----D---- C:\Program Files\Graboid
2008-06-11 04:13:43 ----A---- C:\Windows\system32\quartz.dll
2008-06-11 04:13:40 ----A---- C:\Windows\system32\wshrm.dll

List of drivers

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-08-14 395312]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070813.001\IDSvix86.sys [2007-06-07 212280]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 SYMTDI;SYMTDI; C:\Windows\system32\System32\Drivers\SYMTDI.SYS []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [2007-07-25 23217]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-08-14 112688]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVENG.SYS [2007-07-23 81232]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVEX15.SYS [2007-07-23 865904]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-06 7568832]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R3 SYMDNS;SYMDNS; C:\Windows\system32\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-04-25 115000]
R3 SYMFW;SYMFW; C:\Windows\system32\System32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; C:\Windows\system32\System32\Drivers\SYMIDS.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\system32\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\system32\System32\Drivers\SYMREDRV.SYS []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 cdrmkaun;cdrmkaun; \??\C:\Users\Ian\AppData\Local\Temp\cdrmkaun.sys [2006-09-01 15872]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-28 303104]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-04 47712]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ISPwdSvc;Symantec IS Password Validation; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-13 80504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-05 1252232]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-09-05 07:18:00

Uninstall list

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Cue Master\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Overball\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
AT&T Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll
ATT-AACE-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BitTorrent 5.0.8-->"C:\Program Files\BitTorrent\uninstall.exe"
Bodog Poker Version 2.15.9.3-->"C:\Program Files\Bodog Poker\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Doyles Room Poker-->C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\UNWISE.EXE C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\INSTALL.LOG
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Graboid Video 1.2-->C:\Program Files\Graboid\uninst.exe
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NSIS Mixxx-->"C:\Program Files\Mixxx\uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PlayersOnly Poker-->C:\Program Files\PlayersOnly Poker\uninstall.exe
PlayNC Launcher-->"C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe" -runfromtemp -l0x0009 -removeonly
Pocket Tanks v1.3-->"C:\Program Files\Pocket Tanks\unins000.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Replay Media Catcher-->"C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Snapfish Media Detector-->MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Soldat 1.4.1-->"C:\Soldat\unins000.exe"
Soldat 1.4.2-->"C:\Soldat\unins001.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars®: Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Total Video Converter 3.11-->"C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
UltraMixer 2.3.3-->"C:\Program Files\UltraMixer\unins000.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warkeys 1.7.0.0b-->C:\Users\boyers\Desktop\Warkeys\uninst.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AS: Spybot - Search and Destroy (disabled) (outdated)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm

Re: trojan.vundo!gen P

Unread postby Shaba » September 5th, 2008, 11:53 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus Vuze
BitTorrent 5.0.8
LimeWire 4.18.3
SoulSeek Client 156c


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt in C:\RSIT folder

Please run a new RSIT scan when finished and post logs back here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: trojan.vundo!gen P

Unread postby madness » September 5th, 2008, 5:19 pm

Logfile of random's system information tool (written by random/random)
Run by Random at 2008-09-05 14:18:17
Microsoft® Windows Vista™ Home Premium
System drive C: has 298 GB (80%) free of 373 GB
Total RAM: 2942 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:21 PM, on 9/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Random\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Random.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll,c
O4 - HKCU\..\Run: [BM1d8b4aa6] Rundll32.exe "C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4129B5DC-99F9-495A-8760-E0646DEAD679}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11669 bytes

Scheduled tasks folder

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Ian.job
C:\Windows\tasks\User_Feed_Synchronization-{A5E1E1A6-CF71-43E7-B1C3-7F98D3DD1B94}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-11 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-11 607888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-06-09 1006264]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
""= []
"SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-25 185896]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-06 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-06 81920]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"MSConfig"=C:\Windows\System32\msconfig.exe [2006-11-02 222208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-02 1244848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-03-12 1773568]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"cmds"=C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll []
"BM1d8b4aa6"=C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll []
"MSServer"=C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRSRun]
C:\Program Files\NCH Swift Sound\VRS\vrs.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^boyers^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warkeys Update.lnk]
C:\Program Files\Warkeys\update\Warkeys Update.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe

C:\Users\Random\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bb0612b-fa1e-11db-84bd-806e6f6e6963}]
shell\AutoRun\command - E:\Installer.exe


File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-05 07:16:43 ----D---- C:\rsit
2008-09-05 07:05:53 ----D---- C:\Avenger
2008-09-05 07:05:53 ----A---- C:\avenger.txt
2008-09-04 20:41:22 ----D---- C:\Users\Random\AppData\Roaming\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\ProgramData\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 19:12:48 ----D---- C:\ie-spyad_zo
2008-09-03 18:34:58 ----D---- C:\Program Files\SpywareBlaster
2008-09-02 20:06:26 ----D---- C:\Program Files\Panda Security
2008-09-02 19:57:04 ----D---- C:\Users\Random\AppData\Roaming\NCH Swift Sound
2008-09-01 18:28:28 ----D---- C:\Program Files\a-squared Free
2008-09-01 13:48:17 ----D---- C:\Program Files\Trend Micro
2008-08-31 20:51:18 ----D---- C:\Program Files\MSN Messenger
2008-08-27 22:25:16----A----C:\ProgramData\pskt.ini
2008-08-27 22:25:16----A----C:\ProgramData\BM1d8b4aa6.txt
2008-08-27 19:18:56 ----D---- C:\Windows\system32\eMaxt02
2008-08-27 19:18:56 ----D---- C:\Temp
2008-08-23 18:35:15 ----D---- C:\Users\Random\AppData\Roaming\WildTangent
2008-08-22 18:23:00 ----D---- C:\Program Files\Apple Software Update
2008-08-22 18:21:47 ----D---- C:\Program Files\iPod
2008-08-22 18:21:42 ----D---- C:\Program Files\iTunes
2008-08-22 18:20:19 ----D---- C:\Program Files\Bonjour
2008-08-22 18:18:38 ----D---- C:\Program Files\QuickTime
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wups2.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wucltux.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wups.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wudriver.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wuapi.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuapp.exe
2008-08-13 03:03:27 ----A---- C:\Windows\system32\tzres.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\winipsec.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\polstore.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-12 23:44:06 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-12 23:44:02 ----A---- C:\Windows\system32\es.dll
2008-08-12 23:43:53 ----A---- C:\Windows\system32\mshtml.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\wininet.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\urlmon.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\mshtmled.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\ieframe.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\mstime.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieui.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iesetup.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iernonce.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieapfltr.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ie4uinit.exe
2008-08-12 23:43:51 ----A---- C:\Windows\system32\dxtrans.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\advpack.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\ieUnatt.exe
2008-08-12 23:43:50 ----A---- C:\Windows\system32\icardie.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\dxtmsft.dll
2008-08-12 23:43:49 ----A---- C:\Windows\system32\pngfilt.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\INETRES.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-11 13:54:12 ----D---- C:\Program Files\Bodog Poker
2008-08-10 17:55:12 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-09 12:31:02 ----D---- C:\ProgramData\PlayersOnly Poker
2008-08-07 20:04:31 ----D---- C:\Users\Random\AppData\Roaming\InstallShield Installation Information
2008-08-07 19:51:00 ----D---- C:\Users\Random\AppData\Roaming\Full Tilt Poker
2008-08-07 19:31:10 ----AD---- C:\Program Files\PlayersOnly Poker
2008-08-07 19:18:09 ----D---- C:\Users\Random\AppData\Roaming\Microgaming
2008-07-29 13:30:04 ----D---- C:\Users\Random\AppData\Roaming\Template
2008-07-24 17:08:49 ----D---- C:\downloads
2008-07-24 17:08:37 ----D---- C:\Program Files\Free Music Zilla
2008-07-23 20:36:55 ----D---- C:\Users\Random\AppData\Roaming\vlc
2008-07-21 07:05:50 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-21 07:05:48 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-21 07:05:39 ----A---- C:\Windows\system32\NlsData0009.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000c.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000a.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0027.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData000d.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0001.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0011.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0007.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData003e.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData002a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0024.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0022.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0021.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData001a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0018.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData000f.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0002.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0816.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData001d.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0019.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0010.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0049.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0039.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0020.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0013.dll
2008-07-21 07:05:31 ----A---- C:\Windows\system32\NlsData0416.dll
2008-07-21 07:05:30 ----A---- C:\Windows\system32\NlsData0414.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004c.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004a.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData0047.dll
2008-07-21 07:05:27 ----A---- C:\Windows\system32\NlsData081a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0046.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0045.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData001b.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0000.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004e.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004b.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0026.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0003.dll
2008-07-21 07:05:11 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-07-21 07:05:10 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-07-21 07:05:08 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-07-16 18:49:25 ----D---- C:\Users\Random\AppData\Roaming\LimeWire
2008-07-14 14:44:29 ----D---- C:\Users\Random\AppData\Roaming\WinRAR
2008-07-14 02:13:48 ----D---- C:\Users\Random\AppData\Roaming\Ventrilo
2008-07-11 22:20:51 ----D---- C:\Users\Random\AppData\Roaming\acccore
2008-07-09 03:58:23 ----A---- C:\Windows\system32\shell32.dll
2008-07-08 20:15:29 ----D---- C:\Users\Random\AppData\Roaming\Apple Computer
2008-07-08 10:47:25 ----D---- C:\Users\Random\AppData\Roaming\Microsoft Games
2008-07-07 13:26:06 ----D---- C:\Program Files\Mixxx
2008-07-07 10:38:43 ----D---- C:\Program Files\UltraMixer
2008-07-07 09:16:10 ----D---- C:\Program Files\att-aace
2008-07-07 09:16:00 ----D---- C:\ProgramData\Motive
2008-07-07 09:15:53 ----D---- C:\Program Files\Common Files\Motive
2008-07-07 09:15:47 ----D---- C:\Program Files\ATT
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Macromedia
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Adobe
2008-07-03 10:40:37 ----D---- C:\Users\Random\AppData\Roaming\Hewlett-Packard
2008-07-03 02:33:57 ----D---- C:\Users\Random\AppData\Roaming\Mozilla
2008-07-03 02:15:24 ----D---- C:\Users\Random\AppData\Roaming\Snapfish
2008-07-03 02:15:22 ----D---- C:\Users\Random\AppData\Roaming\Real
2008-07-03 02:14:59 ----D---- C:\Users\Random\AppData\Roaming\Identities
2008-07-03 02:14:32 ----SD---- C:\Users\Random\AppData\Roaming\Microsoft
2008-07-03 02:14:32 ----D---- C:\Users\Random\AppData\Roaming\Media Center Programs
2008-07-02 21:16:51 ----D---- C:\Program Files\PokerStars
2008-06-20 12:34:31 ----D---- C:\Shared
2008-06-19 11:54:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-06-19 11:54:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-06-16 10:25:09 ----D---- C:\Program Files\NCSoft
2008-06-15 16:21:31 ----A---- C:\Windows\system32\7100.bat
2008-06-15 15:48:48 ----A---- C:\Windows\system32\8225.bat
2008-06-14 03:31:20 ----A---- C:\Windows\system32\EncDec.dll
2008-06-14 03:31:18 ----A---- C:\Windows\system32\psisdecd.dll
2008-06-14 03:31:17 ----A---- C:\Windows\system32\mcmde.dll
2008-06-13 23:32:49 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-13 23:32:33 ----D---- C:\Program Files\VideoLAN
2008-06-13 23:32:31 ----D---- C:\Program Files\Graboid
2008-06-11 04:13:43 ----A---- C:\Windows\system32\quartz.dll
2008-06-11 04:13:40 ----A---- C:\Windows\system32\wshrm.dll

List of drivers

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-08-14 395312]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070813.001\IDSvix86.sys [2007-06-07 212280]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 SYMTDI;SYMTDI; C:\Windows\system32\System32\Drivers\SYMTDI.SYS []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [2007-07-25 23217]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-08-14 112688]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVENG.SYS [2007-07-23 81232]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVEX15.SYS [2007-07-23 865904]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-06 7568832]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R3 SYMDNS;SYMDNS; C:\Windows\system32\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-04-25 115000]
R3 SYMFW;SYMFW; C:\Windows\system32\System32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; C:\Windows\system32\System32\Drivers\SYMIDS.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\system32\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\system32\System32\Drivers\SYMREDRV.SYS []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 cdrmkaun;cdrmkaun; \??\C:\Users\Ian\AppData\Local\Temp\cdrmkaun.sys [2006-09-01 15872]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-28 303104]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-04 47712]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-05 1252232]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ISPwdSvc;Symantec IS Password Validation; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-13 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]

-----------------EOF-----------------
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm

Re: trojan.vundo!gen P

Unread postby Shaba » September 6th, 2008, 4:44 am

Please post also a fresh info.txt from C:\RSIT folder
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: trojan.vundo!gen P

Unread postby madness » September 6th, 2008, 1:54 pm

when i run rsit it only gives me a log.txt no info
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm

Re: trojan.vundo!gen P

Unread postby madness » September 6th, 2008, 1:56 pm

ok i figured it out never mind.

info.txt logfile of random's system information tool 2008-09-06 10:55:41

Uninstall list

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Cue Master\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Overball\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
AT&T Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll
ATT-AACE-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bodog Poker Version 2.15.9.3-->"C:\Program Files\Bodog Poker\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Doyles Room Poker-->C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\UNWISE.EXE C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\INSTALL.LOG
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Graboid Video 1.2-->C:\Program Files\Graboid\uninst.exe
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NSIS Mixxx-->"C:\Program Files\Mixxx\uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PlayersOnly Poker-->C:\Program Files\PlayersOnly Poker\uninstall.exe
PlayNC Launcher-->"C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe" -runfromtemp -l0x0009 -removeonly
Pocket Tanks v1.3-->"C:\Program Files\Pocket Tanks\unins000.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Replay Media Catcher-->"C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Snapfish Media Detector-->MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Soldat 1.4.2-->"C:\Soldat\unins000.exe"
Soldat 1.4.2-->"C:\Soldat\unins001.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars®: Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Total Video Converter 3.11-->"C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
UltraMixer 2.3.3-->"C:\Program Files\UltraMixer\unins000.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warkeys 1.7.0.0b-->C:\Users\boyers\Desktop\Warkeys\uninst.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AS: Spybot - Search and Destroy (disabled) (outdated)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm

Re: trojan.vundo!gen P

Unread postby Shaba » September 6th, 2008, 2:17 pm

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll,c
O4 - HKCU\..\Run: [BM1d8b4aa6] Rundll32.exe "C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll,#1


Close all windows including browser and press fix checked.

Reboot.

Delete these:

C:\ProgramData\pskt.ini
C:\ProgramData\BM1d8b4aa6.txt
C:\Windows\system32\eMaxt02

Empty Recycle Bin.

Re-run rsit.

Post rsit.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: trojan.vundo!gen P

Unread postby madness » September 6th, 2008, 2:36 pm

C:\Windows\system32\eMaxt02 was not to be found. i may have been look in the wrong place but i don't think so.

Logfile of random's system information tool (written by random/random)
Run by Random at 2008-09-06 11:52:04
Microsoft® Windows Vista™ Home Premium
System drive C: has 296 GB (79%) free of 373 GB
Total RAM: 2942 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:07 AM, on 9/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Random\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Random.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4129B5DC-99F9-495A-8760-E0646DEAD679}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11271 bytes

Scheduled tasks folder

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Ian.job
C:\Windows\tasks\User_Feed_Synchronization-{A5E1E1A6-CF71-43E7-B1C3-7F98D3DD1B94}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-11 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-11 607888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-06-09 1006264]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
""= []
"SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-25 185896]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-06 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-06 81920]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"MSConfig"=C:\Windows\System32\msconfig.exe [2006-11-02 222208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-02 1244848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-03-12 1773568]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRSRun]
C:\Program Files\NCH Swift Sound\VRS\vrs.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^boyers^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warkeys Update.lnk]
C:\Program Files\Warkeys\update\Warkeys Update.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe

C:\Users\Random\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bb0612b-fa1e-11db-84bd-806e6f6e6963}]
shell\AutoRun\command - E:\Installer.exe


File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-06 09:33:03 ----D---- C:\Users\Random\AppData\Roaming\Soldat
2008-09-05 07:16:43 ----D---- C:\rsit
2008-09-05 07:05:53 ----D---- C:\Avenger
2008-09-05 07:05:53 ----A---- C:\avenger.txt
2008-09-04 20:41:22 ----D---- C:\Users\Random\AppData\Roaming\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\ProgramData\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 19:12:48 ----D---- C:\ie-spyad_zo
2008-09-03 18:34:58 ----D---- C:\Program Files\SpywareBlaster
2008-09-02 20:06:26 ----D---- C:\Program Files\Panda Security
2008-09-02 19:57:04 ----D---- C:\Users\Random\AppData\Roaming\NCH Swift Sound
2008-09-01 18:28:28 ----D---- C:\Program Files\a-squared Free
2008-09-01 13:48:17 ----D---- C:\Program Files\Trend Micro
2008-08-31 20:51:18 ----D---- C:\Program Files\MSN Messenger
2008-08-27 19:18:56 ----D---- C:\Windows\system32\eMaxt02
2008-08-27 19:18:56 ----D---- C:\Temp
2008-08-23 18:35:15 ----D---- C:\Users\Random\AppData\Roaming\WildTangent
2008-08-22 18:23:00 ----D---- C:\Program Files\Apple Software Update
2008-08-22 18:21:47 ----D---- C:\Program Files\iPod
2008-08-22 18:21:42 ----D---- C:\Program Files\iTunes
2008-08-22 18:20:19 ----D---- C:\Program Files\Bonjour
2008-08-22 18:18:38 ----D---- C:\Program Files\QuickTime
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wups2.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wucltux.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wups.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wudriver.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wuapi.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuapp.exe
2008-08-13 03:03:27 ----A---- C:\Windows\system32\tzres.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\winipsec.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\polstore.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-12 23:44:06 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-12 23:44:02 ----A---- C:\Windows\system32\es.dll
2008-08-12 23:43:53 ----A---- C:\Windows\system32\mshtml.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\wininet.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\urlmon.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\mshtmled.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\ieframe.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\mstime.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieui.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iesetup.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iernonce.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieapfltr.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ie4uinit.exe
2008-08-12 23:43:51 ----A---- C:\Windows\system32\dxtrans.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\advpack.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\ieUnatt.exe
2008-08-12 23:43:50 ----A---- C:\Windows\system32\icardie.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\dxtmsft.dll
2008-08-12 23:43:49 ----A---- C:\Windows\system32\pngfilt.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\INETRES.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-11 13:54:12 ----D---- C:\Program Files\Bodog Poker
2008-08-10 17:55:12 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-09 12:31:02 ----D---- C:\ProgramData\PlayersOnly Poker
2008-08-07 20:04:31 ----D---- C:\Users\Random\AppData\Roaming\InstallShield Installation Information
2008-08-07 19:51:00 ----D---- C:\Users\Random\AppData\Roaming\Full Tilt Poker
2008-08-07 19:31:10 ----AD---- C:\Program Files\PlayersOnly Poker
2008-08-07 19:18:09 ----D---- C:\Users\Random\AppData\Roaming\Microgaming
2008-07-29 13:30:04 ----D---- C:\Users\Random\AppData\Roaming\Template
2008-07-24 17:08:49 ----D---- C:\downloads
2008-07-24 17:08:37 ----D---- C:\Program Files\Free Music Zilla
2008-07-23 20:36:55 ----D---- C:\Users\Random\AppData\Roaming\vlc
2008-07-21 07:05:50 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-21 07:05:48 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-21 07:05:39 ----A---- C:\Windows\system32\NlsData0009.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000c.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000a.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0027.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData000d.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0001.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0011.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0007.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData003e.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData002a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0024.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0022.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0021.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData001a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0018.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData000f.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0002.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0816.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData001d.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0019.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0010.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0049.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0039.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0020.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0013.dll
2008-07-21 07:05:31 ----A---- C:\Windows\system32\NlsData0416.dll
2008-07-21 07:05:30 ----A---- C:\Windows\system32\NlsData0414.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004c.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004a.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData0047.dll
2008-07-21 07:05:27 ----A---- C:\Windows\system32\NlsData081a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0046.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0045.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData001b.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0000.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004e.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004b.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0026.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0003.dll
2008-07-21 07:05:11 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-07-21 07:05:10 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-07-21 07:05:08 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-07-16 18:49:25 ----D---- C:\Users\Random\AppData\Roaming\LimeWire
2008-07-14 14:44:29 ----D---- C:\Users\Random\AppData\Roaming\WinRAR
2008-07-14 02:13:48 ----D---- C:\Users\Random\AppData\Roaming\Ventrilo
2008-07-11 22:20:51 ----D---- C:\Users\Random\AppData\Roaming\acccore
2008-07-09 03:58:23 ----A---- C:\Windows\system32\shell32.dll
2008-07-08 20:15:29 ----D---- C:\Users\Random\AppData\Roaming\Apple Computer
2008-07-08 10:47:25 ----D---- C:\Users\Random\AppData\Roaming\Microsoft Games
2008-07-07 13:26:06 ----D---- C:\Program Files\Mixxx
2008-07-07 10:38:43 ----D---- C:\Program Files\UltraMixer
2008-07-07 09:16:10 ----D---- C:\Program Files\att-aace
2008-07-07 09:16:00 ----D---- C:\ProgramData\Motive
2008-07-07 09:15:53 ----D---- C:\Program Files\Common Files\Motive
2008-07-07 09:15:47 ----D---- C:\Program Files\ATT
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Macromedia
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Adobe
2008-07-03 10:40:37 ----D---- C:\Users\Random\AppData\Roaming\Hewlett-Packard
2008-07-03 02:33:57 ----D---- C:\Users\Random\AppData\Roaming\Mozilla
2008-07-03 02:15:24 ----D---- C:\Users\Random\AppData\Roaming\Snapfish
2008-07-03 02:15:22 ----D---- C:\Users\Random\AppData\Roaming\Real
2008-07-03 02:14:59 ----D---- C:\Users\Random\AppData\Roaming\Identities
2008-07-03 02:14:32 ----SD---- C:\Users\Random\AppData\Roaming\Microsoft
2008-07-03 02:14:32 ----D---- C:\Users\Random\AppData\Roaming\Media Center Programs
2008-07-02 21:16:51 ----D---- C:\Program Files\PokerStars
2008-06-20 12:34:31 ----D---- C:\Shared
2008-06-19 11:54:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-06-19 11:54:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-06-16 10:25:09 ----D---- C:\Program Files\NCSoft
2008-06-15 16:21:31 ----A---- C:\Windows\system32\7100.bat
2008-06-15 15:48:48 ----A---- C:\Windows\system32\8225.bat
2008-06-14 03:31:20 ----A---- C:\Windows\system32\EncDec.dll
2008-06-14 03:31:18 ----A---- C:\Windows\system32\psisdecd.dll
2008-06-14 03:31:17 ----A---- C:\Windows\system32\mcmde.dll
2008-06-13 23:32:49 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-13 23:32:33 ----D---- C:\Program Files\VideoLAN
2008-06-13 23:32:31 ----D---- C:\Program Files\Graboid
2008-06-11 04:13:43 ----A---- C:\Windows\system32\quartz.dll
2008-06-11 04:13:40 ----A---- C:\Windows\system32\wshrm.dll

List of drivers

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-08-14 395312]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070813.001\IDSvix86.sys [2007-06-07 212280]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 SYMTDI;SYMTDI; C:\Windows\system32\System32\Drivers\SYMTDI.SYS []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [2007-07-25 23217]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-08-14 112688]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVENG.SYS [2007-07-23 81232]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVEX15.SYS [2007-07-23 865904]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-06 7568832]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R3 SYMDNS;SYMDNS; C:\Windows\system32\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-04-25 115000]
R3 SYMFW;SYMFW; C:\Windows\system32\System32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; C:\Windows\system32\System32\Drivers\SYMIDS.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\system32\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\system32\System32\Drivers\SYMREDRV.SYS []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 cdrmkaun;cdrmkaun; \??\C:\Users\Ian\AppData\Local\Temp\cdrmkaun.sys [2006-09-01 15872]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-28 303104]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-04 47712]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ISPwdSvc;Symantec IS Password Validation; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-13 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-05 1252232]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]

-----------------EOF-----------------


info.txt logfile of random's system information tool 2008-09-06 11:52:08

Uninstall list

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Cue Master\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Overball\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
AT&T Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll
ATT-AACE-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bodog Poker Version 2.15.9.3-->"C:\Program Files\Bodog Poker\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Doyles Room Poker-->C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\UNWISE.EXE C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\INSTALL.LOG
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Graboid Video 1.2-->C:\Program Files\Graboid\uninst.exe
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NSIS Mixxx-->"C:\Program Files\Mixxx\uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PlayersOnly Poker-->C:\Program Files\PlayersOnly Poker\uninstall.exe
PlayNC Launcher-->"C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe" -runfromtemp -l0x0009 -removeonly
Pocket Tanks v1.3-->"C:\Program Files\Pocket Tanks\unins000.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Replay Media Catcher-->"C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Snapfish Media Detector-->MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Soldat 1.4.2-->"C:\Soldat\unins000.exe"
Soldat 1.4.2-->"C:\Soldat\unins001.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars®: Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Total Video Converter 3.11-->"C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
UltraMixer 2.3.3-->"C:\Program Files\UltraMixer\unins000.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warkeys 1.7.0.0b-->C:\Users\boyers\Desktop\Warkeys\uninst.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AS: Spybot - Search and Destroy (disabled) (outdated)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
Last edited by madness on September 6th, 2008, 2:52 pm, edited 1 time in total.
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm

Re: trojan.vundo!gen P

Unread postby Shaba » September 6th, 2008, 2:46 pm

It is there, just might be hidden.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\Windows\system32\eMaxt02
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: trojan.vundo!gen P

Unread postby madness » September 6th, 2008, 2:55 pm

C:\Windows\system32\eMaxt02 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09062008_115459
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm

Re: trojan.vundo!gen P

Unread postby Shaba » September 6th, 2008, 3:09 pm

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: trojan.vundo!gen P

Unread postby madness » September 6th, 2008, 11:36 pm

That scan was not working for me i tried it twice the first time the page stopped responding and the second time the page expired. any ideas?
madness
Regular Member
 
Posts: 16
Joined: September 1st, 2008, 7:53 pm

Re: trojan.vundo!gen P

Unread postby Shaba » September 7th, 2008, 5:03 am

Then try this instead, please.

Please make sure that all programs are closed when installing Java.

  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Double click on jre-6u7-windows-i586-p.exe to install Java.
  8. After the Java installation has finished, right-click your favorite web browser and choose run as admin. Please go to Kaspersky website and perform an online antivirus scan.
  9. Read through the requirements and privacy statement and click on Accept button.
  10. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  11. When the downloads have finished, click on Settings.
  12. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  13. Click on My Computer under Scan.
  14. Once the scan is complete, it will display the results. Click on View Scan Report.
  15. You will see a list of infected items there. Click on Save Report As....
  16. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  17. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware