Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please Help virtumonde Kobcka.rootkit also HUER rootkit

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby paulis » August 18th, 2009, 5:05 am

Hi my name is Paul i'm having a little bother with my PC. I belive its virtumonde i think Super anti spyware pulled this up but i dont think it got rid of it all. plus BitDefender keeps popping up about Kobcka rootkit as well as HUER rootkit as well.

Please help thank you paul.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:02 PM, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [yejuporaje] Rundll32.exe "C:\WINDOWS\system32\zayuvosu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AAB28E-500B-45F6-908F-3D9384E61BB4}: NameServer = 123.200.191.17 123.200.191.18
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 8447 bytes
paulis
Active Member
 
Posts: 6
Joined: August 18th, 2009, 3:30 am
Advertisement
Register to Remove

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby Cypher » August 21st, 2009, 11:29 am

Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I'll be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you have questions about something...ASK, don't guess or assume.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
  • DO NOT run any other fix/removal tools unless instructed to do so!
  • DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • The logs from the tools we use can take some time to research so please be patient.

    If you follow these guidelines, things should proceed smoothly. :)
    I am currently reviewing your log, and will return as soon as possible with your instructions.



    Please post an Uninstall list.

    1. Open HijackThis.
    2. Click on the Open the Misc Tools section button.
    3. Look under System tools.
    4. Click on the Open Uninstall Manager... button.
    5. Click on the Save list... button.
    6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    7. Notepad will open. Please post this log in your next reply.


In your next reply.

1. Uninstall list
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby paulis » August 22nd, 2009, 4:06 am

Hi Thanks for looking into this for me.
Here is the UnInstall list you asked for.


Acrobat.com
Acrobat.com
Acronis Disk Director Suite
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Elements 6.0
Adobe Reader 9.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
AusLogics Disk Defrag
BitDefender Internet Security 2009
Bonjour
Canon PhotoRecord
Canon PIXMA iP1000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
Codec Pack - All In 1 6.0.3.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Suite
Easy-WebPrint
EVEREST Ultimate Edition v4.00
FreeAgent Pro Tools
Google Earth
GpsGate
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
ImTOO MPEG Encoder Platinum
iTunes
Java(TM) 6 Update 3
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Nero Suite
NVIDIA Drivers
PowerDVD
PSPWare
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic UDF Reader
Sony Picture Utility
Sony USB Driver
Spy Sweeper
Spy Sweeper Core
SpywareBlaster 4.2
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB973815)
USB Drum V1.03
VIRGIN BROADBAND
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WinFast PVR2
WinFast PxDVR3200 H Driver
WinRAR archiver
[Activation] v0.3 Beta 3
paulis
Active Member
 
Posts: 6
Joined: August 18th, 2009, 3:30 am

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby Cypher » August 22nd, 2009, 8:03 am

Hi Paul.
Thank you, i will get back to you with your next set of instructions as soon as possible :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby Cypher » August 22nd, 2009, 10:59 am

Hi Paul.

Rooter

Please download Rooter.exe... Copyrighted © by... Eric_71. Save it to your desktop.

  • Double-click on Rooter.exe icon on your desktop, to execute.
    If you recieve the "Open File" security warning, press Run. The Rooter interface will appear, with a variety of options displayed.
  • To run the Scan... press the Scan...button.
  • Notepad will open with a file created called "Rooter#.txt" ... located at %systemdrive%\Rooter$\Rooter#.txt. (# is the number assigned to the report)
    The location of the report file is shown in the bottom display window.
  • Press the Close button, to close the Rooter window.
Please copy and paste the contents of Rooter#.txt in you next reply.

Next.

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

In your next reply.

1. Rooter.txt log.
2. RSIT log.txt file contents and info.txt file contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby paulis » August 22nd, 2009, 11:02 pm

Here are the reports you asked for

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service

Pack 3
[32_bits] - x86 Family 6 Model 15 Stepping 11,

GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.13 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:465 Go - Free:122

Go )
D:\ [Fixed-FAT32] .. ( Total:465 Go -

Free:316 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Fixed-NTFS] .. ( Total:698 Go - Free:22

Go )
K:\ [Removable]
L:\ [Removable]
.
Scan : 12:58.13
Path : C:\Documents and

Settings\User\Desktop\Rooter.exe
User : User ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (936)
______ \??\C:\WINDOWS\system32\csrss.exe

(1156)
______ \??\C:\WINDOWS\system32\winlogon.exe

(1180)
______ C:\WINDOWS\system32\services.exe (1228)
______ C:\WINDOWS\system32\lsass.exe (1240)
______ C:\Program Files\Webroot\Spy

Sweeper\WRConsumerService.exe (1424)
______ C:\WINDOWS\system32\svchost.exe (1444)
______ C:\WINDOWS\system32\svchost.exe (1512)
______ C:\WINDOWS\System32\svchost.exe (1688)
______ C:\WINDOWS\system32\svchost.exe (1724)
______ C:\WINDOWS\system32\svchost.exe (1968)
______ C:\WINDOWS\system32\svchost.exe (2000)
______ C:\WINDOWS\system32\spoolsv.exe (220)
______ C:\WINDOWS\system32\svchost.exe (308)
______ C:\Program Files\Adobe\Photoshop

Elements 6.0\PhotoshopElementsFileAgent.exe

(352)
______ C:\Program Files\Common

Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe (396)
______ C:\Program

Files\Memeo\AutoBackup\MemeoService.exe (472)
______ C:\Program

Files\Bonjour\mDNSResponder.exe (520)
______ C:\WINDOWS\system32\svchost.exe (556)
______ C:\WINDOWS\system32\nvsvc32.exe (676)
______ C:\Program Files\CyberLink\Shared

Files\RichVideo.exe (736)
______ C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe (780)
______ C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe (812)
______ C:\WINDOWS\Explorer.EXE (1948)
______ C:\WINDOWS\System32\alg.exe (2740)
______ C:\WINDOWS\RTHDCPL.EXE (3260)
______ C:\WINDOWS\system32\RUNDLL32.EXE (3276)
Locked bdagent.exe (3288)
______ C:\WINDOWS\system32\rundll32.exe (3304)
______ C:\Program Files\Webroot\Spy

Sweeper\SpySweeperUI.exe (3312)
______ C:\WINDOWS\system32\ctfmon.exe (3348)
______ C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(3368)
______ C:\Program

Files\BitDefender\BitDefender

2009\seccenter.exe (3408)
______ C:\Program Files\Microsoft

ActiveSync\wcescomm.exe (3404)
______ C:\Program

Files\SpywareGuard\sgmain.exe (3508)
______ C:\PROGRA~1\MI3AA1~1\rapimgr.exe (3564)
______ C:\Program Files\SpywareGuard\sgbhp.exe

(3600)
______ C:\Program Files\Webroot\Spy

Sweeper\SSU.EXE (800)
______ C:\Program Files\VIRGIN

BROADBAND\VIRGIN BROADBAND.exe (1536)
______ C:\Program Files\Microsoft

Office\Office12\WINWORD.EXE (1620)
Locked vsserv.exe (1716)
Locked livesrv.exe (1816)
______ C:\Documents and

Settings\User\Desktop\Rooter.exe (928)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]--

(Start_Offset:32256 | Length:500096991744)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\wrSpySweeper_LB564713FDF47452

68460C83B25B8BC4B.job
C:\WINDOWS\Tasks\wrSpySweeper_LE04E83C34647476

2855CCEBEEDDABDB1.job
C:\WINDOWS\Tasks\wrSpySweeper_LF80B1552B813499

48EB3AF9F8C6F0EDD.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\User\Desktop\Programs\Garmin

Mobile XT for Windows Mobile v.5.00.20w\Garmin

Mobile XT for Windows Mobile v.5.00.20w +

Basemap + Support Files + City Navigator

Europe 2009 NT (No setup, just copy to

card)\garmin_keygen_v1.5.exe
C:\DOCUME~1\User\Desktop\Programs\Nero

9.2.5.0+Keygen[h33t]MasterUploader\Keygen\nero

9 keygen STR!D3R.exe
C:\DOCUME~1\User\Desktop\Programs\Tomtom

navigator V_7 Western Europe by

hackwarez-crew.com\Tomtom navigator V_7

Western Europe\activation\tt7_keygen.exe
C:\DOCUME~1\User\My Documents\Old PC\To Be

Moved\downloads\3Gp Video Converter\keygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at

12:58.43
.
C:\Rooter$\Rooter_1.txt - (23/08/2009 |

12:58.43).c


Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-08-23 12:59:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 126 GB (26%) free of 477 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:21 PM, on 23/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Documents and Settings\User\Desktop\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] "C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [yejuporaje] Rundll32.exe "C:\WINDOWS\system32\zayuvosu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AAB28E-500B-45F6-908F-3D9384E61BB4}: NameServer = 123.200.191.17 123.200.191.18
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements

6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender

Arrakis Server\bin\Arrakis3.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update

Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 8639 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeper_LB564713FDF4745268460C83B25B8BC4B.job
C:\WINDOWS\tasks\wrSpySweeper_LE04E83C346474762855CCEBEEDDABDB1.job
C:\WINDOWS\tasks\wrSpySweeper_LF80B1552B81349948EB3AF9F8C6F0EDD.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-04-02 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-04-28 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-04-02 69632]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-04-06 6345840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-30 1830128]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-10 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2005-11-14 1544099]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-01-10 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\HOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^AutoBackup

Launcher.lnk]
C:\PROGRA~1\Memeo\AUTOBA~1\MEMEOL~1.EXE [2007-02-08 211992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Picture Motion Browser

Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2007-04-17 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^RollerCoaster Tycoon 3

Registration.lnk]
C:\Documents and Settings\User\Local Settings\Temp\{DFF19BC6-182E-45AB-A030-EE0C242D8483}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind

/language=ENA /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

C:\Documents and Settings\User\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Telstra\Cable Login\bpcable.exe"="C:\Program Files\Telstra\Cable Login\bpcable.exe:*:Enabled:BigPond Cable Client"
"C:\Program Files\Telstra\Cable Login\bpcService.exe"="C:\Program Files\Telstra\Cable Login\bpcService.exe:*:Enabled:BigPond Cable Client (running as a

service)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI

Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync

Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync

Application"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe:*:Enabled:SpySweeper"
"C:\Program Files\Memeo\AutoBackup\MemeoService.exe"="C:\Program Files\Memeo\AutoBackup\MemeoService.exe:*:Enabled:MemeoService"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe"="C:\Program Files\Adobe\Photoshop Elements

6.0\PhotoshopElementsFileAgent.exe:*:Enabled:PhotoshopElementsFileAgent"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI

Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync

Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync

Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{044710b9-2ae6-11dd-9f50-001a4d9b4919}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e1f279c-8344-11de-b7b4-001a4d9b4919}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42898330-7779-11de-b79f-001a4d9b4919}]
shell\AutoRun\command - M:\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42898331-7779-11de-b79f-001a4d9b4919}]
shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42898334-7779-11de-b79f-001a4d9b4919}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c2bc33-1798-11de-b727-001a4d9b4919}]
shell\Auto\command - recycled\SVCH0ST.EXE
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b46e0a7-8088-11de-b7b2-001a4d9b4919}]
shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b46e0a8-8088-11de-b7b2-001a4d9b4919}]
shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca926cf-06ce-11dd-9f27-001a4d9b4919}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca926d1-06ce-11dd-9f27-001a4d9b4919}]
shell\AutoRun\command - F:\.pspware\PSPWareLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c850aa98-8d6d-11de-b7c7-001a4d9b4919}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-08-23 12:59:14 ----D---- C:\rsit
2009-08-23 12:58:40 ----D---- C:\Rooter$
2009-08-22 15:44:43 ----D---- C:\WINDOWS\LastGood
2009-08-20 19:42:38 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2009-08-18 17:41:05 ----D---- C:\WINDOWS\ie8updates
2009-08-18 17:40:43 ----A---- C:\WINDOWS\imsins.BAK
2009-08-18 17:38:27 ----HDC---- C:\WINDOWS\ie8
2009-08-16 03:00:43 ----SHD---- C:\Config.Msi
2009-08-16 03:00:43 ----D---- C:\Program Files\MSXML 4.0
2009-08-15 17:07:57 ----D---- C:\Program Files\MSSOAP
2009-08-14 07:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-14 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-12 22:56:24 ----D---- C:\WINDOWS\Minidump
2009-08-04 20:26:22 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-08-03 18:03:42 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-08-03 18:03:42 ----A---- C:\WINDOWS\system32\irmon.dll
2009-08-03 18:03:42 ----A---- C:\WINDOWS\system32\irftp.exe

======List of files/folders modified in the last 1 months======

2009-08-23 12:59:21 ----D---- C:\WINDOWS\Prefetch
2009-08-23 12:52:23 ----D---- C:\Program Files\Mozilla Firefox
2009-08-23 12:52:19 ----D---- C:\WINDOWS\Temp
2009-08-23 12:47:22 ----D---- C:\WINDOWS\system32
2009-08-23 12:47:16 ----A---- C:\WINDOWS\bdagent.INI
2009-08-23 01:35:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-22 18:37:39 ----D---- C:\WINDOWS\system32\drivers
2009-08-22 15:44:47 ----HD---- C:\WINDOWS\inf
2009-08-22 15:44:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-22 15:44:43 ----D---- C:\WINDOWS
2009-08-20 06:00:46 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-08-19 18:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-18 18:37:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-18 18:37:59 ----D---- C:\WINDOWS\system32\en-US
2009-08-18 18:37:59 ----D---- C:\WINDOWS\Media
2009-08-18 18:37:59 ----D---- C:\WINDOWS\Help
2009-08-18 18:37:59 ----D---- C:\Program Files\Internet Explorer
2009-08-18 17:41:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-18 17:36:22 ----D---- C:\WINDOWS\Debug
2009-08-17 22:12:48 ----RD---- C:\Program Files
2009-08-16 21:59:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-16 21:58:48 ----D---- C:\Program Files\SpywareBlaster
2009-08-16 03:00:56 ----SHD---- C:\WINDOWS\Installer
2009-08-16 03:00:55 ----D---- C:\WINDOWS\WinSxS
2009-08-15 18:27:38 ----D---- C:\Program Files\LimeWire
2009-08-15 17:15:38 ----SD---- C:\WINDOWS\Tasks
2009-08-15 17:14:44 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2009-08-14 18:13:33 ----D---- C:\Program Files\SpywareGuard
2009-08-14 03:02:07 ----D---- C:\Program Files\Outlook Express
2009-08-13 22:18:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-13 18:58:24 ----SHD---- C:\System Volume Information
2009-08-13 18:58:24 ----D---- C:\WINDOWS\system32\Restore
2009-08-06 21:29:18 ----D---- C:\WinFast WorkArea
2009-08-05 19:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 18:04:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-03 18:03:37 ----D---- C:\WINDOWS\security
2009-07-31 22:59:19 ----A---- C:\WINDOWS\system32\Dvbpws.dll
2009-07-30 10:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-30 06:02:15 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-30 03:00:51 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-08-22 104456]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-01-16 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WFSONORA;WinFast PxDVR3200 H; C:\WINDOWS\system32\drivers\wfsonora.sys [2007-07-31 313472]
S1 soqwx32;soqwx32; \??\C:\WINDOWS\system32\drivers\soqwx32.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 BMUService;AutoBackup; C:\Program Files\Memeo\AutoBackup\MemeoService.exe [2007-02-08 56344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-02 415024]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-02 1626112]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2009-04-02 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-08-15 1181040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-01 72704]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25

69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

[2008-11-03 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29

46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

INFO.txt
info.txt logfile of random's system

information tool 1.06 2009-08-23 12:59:25

======Uninstall list======

[Activation] v0.3 Beta 3-->"C:\Program

Files\TomTomActivation\Uninstall.exe"
-->C:\Program

Files\Ahead\nero\uninstall\UNNERO.exe

/UNINSTALL
-->C:\Program Files\InstallShield Installation

Information\{02FB2C63-5763-4CDD-99E6-566C57189

742}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44

BB0}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{28B97CAB-828F-49D8-A30A-675476F9B

A92}\setup.exe -runfromtemp -l0x0009/cont

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{3475FBEC-E0F5-4A3F-823E-6C1DEA10F

1AF}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{3881DD58-780F-4FCF-8A16-6E6800C2F

EE0}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{4067A0B5-FB0B-479C-8735-6F48F8E21

872}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{4E7DC12A-3597-4A94-9429-F6C698736

1B1}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{6813C983-427E-4511-8456-E98FCAA1A

125}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{7DADB304-AF20-48C3-A780-4B4133A08

817}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{9225EABF-4457-403B-A82B-91614C9DD

DF7}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7D

B13}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{ACE66099-E18E-4037-83C8-9D182E5B9

FA8}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{B34B6E67-FCDD-4E03-8742-B5701427F

AFB}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE

983}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{E8581ECC-8BEA-4E91-AB5E-587654EBB

2A7}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{E9CCEA28-3608-4078-8A07-997646E1A

357}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB98

69B}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\Program Files\InstallShield Installation

Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162

521}\setup.exe -runfromtemp -l0x0009

-removeonly
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x

{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe

setupapi.dll,InstallHinfSection

DefaultUninstall 132

C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR

Application Installer.exe -uninstall

com.adobe.mauby

4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe

/I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis Disk Director Suite-->MsiExec.exe

/X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe AIR-->C:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR

Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe

/I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe

/I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe

/I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10

Plugin-->C:\WINDOWS\system32\Macromed\Flash\un

install_plugin.exe
Adobe Flash Player

ActiveX-->C:\WINDOWS\system32\Macromed\Flash\u

ninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe

/I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I

{236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 6.0-->msiexec /I

{F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 9.1-->MsiExec.exe

/I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave

Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UN

WISE.EXE

C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe

/I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support-->MsiExec.exe

/I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe

/I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AusLogics Disk Defrag-->"C:\Program

Files\Auslogics\AusLogics Disk

Defrag\unins000.exe"
BitDefender Internet Security

2009-->MsiExec.exe

/X{961CE74B-30C0-47D6-ACD9-0C887A5E23F5}
Bonjour-->MsiExec.exe

/I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon PhotoRecord-->MsiExec.exe

/X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA

iP1000-->C:\WINDOWS\system32\CNMCP6e.exe

"-PRINTERNAMECanon PIXMA iP1000"

"-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA

iP1000 Installer\Inst2\cnmis.dll"

"-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA

iP1000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program

Files\Canon\Easy-PhotoPrint\uninst.exe

C:\Program

Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities

Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner (remove only)-->"C:\Program

Files\CCleaner\uninst.exe"
Codec Pack - All In 1

6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program

Files\Codec Pack - All In 1\irunin.ini"
DVD Decrypter (Remove Only)-->"C:\Program

Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD

Shrink\unins000.exe"
DVD Suite-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~

1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation

Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8

E79}\setup.exe" -uninstall
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe

-f"C:\Program

Files\Canon\Easy-WebPrint\Uninst.isu"
EVEREST Ultimate Edition v4.00-->"C:\Program

Files\Lavalys\EVEREST Ultimate

Edition\unins000.exe"
FreeAgent Pro Tools-->C:\Program

Files\InstallShield Installation

Information\{F5A83924-6A0A-40A2-9A9C-00D876B62

E7F}\setup.exe -runfromtemp -l0x0409
Google Earth-->MsiExec.exe

/I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GpsGate-->C:\Program Files\Microsoft

ActiveSync\GpsGate\Uninstall.exe GpsGate
HijackThis 2.0.2-->"C:\Documents and

Settings\User\Desktop\HijackThis.exe"

/uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1

(KB953595)-->C:\WINDOWS\system32\msiexec.exe

/package

{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

/uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1

(KB958484)-->C:\WINDOWS\system32\msiexec.exe

/package

{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

/uninstall

{A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+

REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7

(KB947864)-->"C:\WINDOWS\ie7updates\KB947864-I

E7\spuninst\spuninst.exe"
ImTOO MPEG Encoder Platinum-->C:\Program

Files\ImTOO\MPEG Encoder

Platinum\Uninstall.exe
iTunes-->MsiExec.exe

/I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java(TM) 6 Update 3-->MsiExec.exe

/I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Malwarebytes' Anti-Malware-->"C:\Program

Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix

(KB928366)-->"C:\WINDOWS\Microsoft.NET\Framewo

rk\v1.1.4322\Updates\hotfix.exe"

"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\

Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X

{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe

/X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack

2-->MsiExec.exe

/I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack

2-->MsiExec.exe

/I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5

SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\

Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe

/I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe

/I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for

Windows

XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spu

ninst\spuninst.exe"
Microsoft Internationalized Domain Names

Mitigation

APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNM

itigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel

APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSD

ownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English)

2007-->MsiExec.exe

/X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI

(English) 2007-->MsiExec.exe

/X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English)

2007-->MsiExec.exe

/X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English)

2007-->MsiExec.exe

/X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English)

2007-->MsiExec.exe

/X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English)

2007-->MsiExec.exe

/X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus

2007-->"C:\Program Files\Common

Files\Microsoft Shared\OFFICE12\Office Setup

Controller\setup.exe" /uninstall PROPLUS /dll

OSETUP.DLL
Microsoft Office Professional Plus

2007-->MsiExec.exe

/X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English)

2007-->MsiExec.exe

/X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French)

2007-->MsiExec.exe

/X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish)

2007-->MsiExec.exe

/X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English)

2007-->MsiExec.exe

/X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English)

2007-->MsiExec.exe

/X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English)

2007-->MsiExec.exe

/X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI

(English) 2007-->MsiExec.exe

/X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English)

2007-->MsiExec.exe

/X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature

Pack

1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuni

nst\spuninst.exe"
Mozilla Firefox (3.0.13)-->C:\Program

Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe

/I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit

3.0-->MsiExec.exe

/I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Nero Suite-->C:\Program Files\Common

Files\Ahead\Uninstall\Setup.exe /uninstall
NVIDIA

Drivers-->C:\WINDOWS\system32\nvuninst.exe

UninstallGUI
PowerDVD-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~

1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation

Information\{6811CAA0-BF12-11D4-9EA1-0050BAE31

7E1}\setup.exe" -uninstall
PSPWare-->"C:\Program

Files\PSPWare\uninstall.exe"
QuickTime-->MsiExec.exe

/I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
REALTEK GbE & FE Ethernet PCI-E NIC

Driver-->C:\Program Files\InstallShield

Installation

Information\{C9BED750-1211-4480-B1A5-718A3BE15

525}\SETUP.EXE -runfromtemp -l0x0009

-removeonly
Realtek High Definition Audio

Driver-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime

\11\50\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7

DBC}\SETUP.EXE" -l0x9 -removeonly
RollerCoaster Tycoon 3 Platinum-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime

\11\00\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{907B4640-266B-4A21-92FB-CD1A86CD0

F63}\SETUP.EXE" -l0x9 -removeonly
Security Update for Windows Internet Explorer

7

(KB929969)-->"C:\WINDOWS\ie7updates\KB929969\s

puninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB938127)-->"C:\WINDOWS\ie7updates\KB938127-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB942615)-->"C:\WINDOWS\ie7updates\KB942615-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB944533)-->"C:\WINDOWS\ie7updates\KB944533-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB950759)-->"C:\WINDOWS\ie7updates\KB950759-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB953838)-->"C:\WINDOWS\ie7updates\KB953838-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB956390)-->"C:\WINDOWS\ie7updates\KB956390-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB958215)-->"C:\WINDOWS\ie7updates\KB958215-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB961260)-->"C:\WINDOWS\ie7updates\KB961260-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB963027)-->"C:\WINDOWS\ie7updates\KB963027-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB969897)-->"C:\WINDOWS\ie7updates\KB969897-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

7

(KB972260)-->"C:\WINDOWS\ie7updates\KB972260-I

E7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer

8

(KB972260)-->"C:\WINDOWS\ie8updates\KB972260-I

E8\spuninst\spuninst.exe"
Security Update for Windows Media Player

(KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_

WM9$\spuninst\spuninst.exe"
Security Update for Windows XP

(KB923789)-->C:\WINDOWS\system32\MacroMed\Flas

h\genuinst.exe

C:\WINDOWS\system32\MacroMed\Flash\KB923789.in

f
Security Update for Windows XP

(KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$

\spuninst\spuninst.exe"
Security Update for Windows XP

(KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$

\spuninst\spuninst.exe"
Sonic UDF Reader-->MsiExec.exe

/I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility-->C:\Program

Files\InstallShield Installation

Information\{D5068583-D569-468B-9755-5FBF5848F

46F}\setup.exe -runfromtemp -l0x0009

/removeonly uninstall -removeonly
Sony USB Driver-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime

\10\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{5C29CB8B-AC1E-4114-8D68-9CD080140

D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Spy Sweeper Core-->MsiExec.exe

/I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\Spy

Sweeper\unins000.exe"

/Log="C:\DOCUME~1\User\LOCALS~1\Temp\Uninstall

.txt"
SpywareBlaster 4.2-->"C:\Program

Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program

Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe

/X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1

(KB963707)-->C:\WINDOWS\system32\msiexec.exe

/package

{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

/uninstall

{B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+

REBOOTPROMPT=""
Update for Windows Internet Explorer 8

(KB972636)-->"C:\WINDOWS\ie8updates\KB972636-I

E8\spuninst\spuninst.exe"
Update for Windows XP

(KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$

\spuninst\spuninst.exe"
USB Drum V1.03-->"C:\Program Files\USB

Drum\unins000.exe"
VIRGIN BROADBAND-->C:\Program Files\VIRGIN

BROADBAND\uninst.exe
Windows Internet Explorer

8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program

Files\Windows Media Player\wmsetsdk.exe"

/UninstallAll
Windows Media Format 11

runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\s

puninst\spuninst.exe"
Windows Media Player 11-->"C:\Program

Files\Windows Media Player\Setup_wm.exe"

/Uninstall
Windows Media Player

11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\s

puninst.exe"
Windows Mobile® Device Handbook-->C:\Program

Files\Windows Mobile Device Handbook\Windows

Mobile Device Handbook\Bin\DHUninstall.exe
Windows XP Service Pack

3-->"C:\WINDOWS\$NtServicePackUninstall$\spuni

nst\spuninst.exe"
WinFast PVR2-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime

\10\00\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{C92C584E-C781-475E-A8E2-C67D993A6

B95}\Setup.exe" -l0x9 -removeonly
WinFast PxDVR3200 H Driver -->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime

\10\00\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{ADB1EEBA-43DD-40C5-B753-F476158EA

85E}\setup.exe" -l0x9 -removeonly
WinRAR archiver-->C:\Program

Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) -

{46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} -

C:\WINDOWS\system32\kijafise.dll [2008-12-17]
O2 - BHO: (no name) -

{46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} -

C:\WINDOWS\system32\kijafise.dll [2008-12-17]
O2 - BHO: (no name) -

{46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} - (no

file) [2008-12-17]
O2 - BHO: (no name) -

{46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} -

C:\WINDOWS\system32\kijafise.dll [2008-12-17]

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall

======System event log======

Computer Name: PAULLOLO-PC
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting

for a transaction response from the NVSvc

service.

Record Number: 26501
Source Name: Service Control Manager
Time Written: 20090625095922.000000+600
Event Type: error
User:

Computer Name: PAULLOLO-PC
Event Code: 7000
Message: The SASDIFSV service failed to start

due to the following error:
Cannot create a file when that file already

exists.


Record Number: 26490
Source Name: Service Control Manager
Time Written: 20090624194652.000000+600
Event Type: error
User:

Computer Name: PAULLOLO-PC
Event Code: 1002
Message: The IP address lease 192.168.1.3 for

the Network Card with network address

001A4D9B4919 has been
denied by the DHCP server 0.0.0.0 (The DHCP

Server sent a DHCPNACK message).

Record Number: 26400
Source Name: Dhcp
Time Written: 20090621174100.000000+600
Event Type: error
User:

Computer Name: PAULLOLO-PC
Event Code: 1003
Message: Your computer was not able to renew

its address from the network (from the
DHCP Server) for the Network Card with network

address 001A4D9B4919. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain

an address on its own from
the network address (DHCP) server.

Record Number: 26396
Source Name: Dhcp
Time Written: 20090621001011.000000+600
Event Type: warning
User:

Computer Name: PAULLOLO-PC
Event Code: 8021
Message: The browser was unable to retrieve a

list of servers from the browser master

\\DARYL-9BBC7AD79 on the network

\Device\NetBT_Tcpip_{618F225C-A125-47A6-BB72-F

C0B13736369}.
The data is the error code.

Record Number: 26392
Source Name: BROWSER
Time Written: 20090620225916.000000+600
Event Type: warning
User:

=====Application event log=====

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has

Started.

Record Number: 22
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090702115613.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has

Started.

Record Number: 17
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090701214338.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has

Started.

Record Number: 12
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090701130402.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has

Started.

Record Number: 6
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090630212441.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has

Started.

Record Number: 1
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090629223236.000000+600
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%sys

temroot%\system32\wbem;C:\Program

Files\QuickTime\QTSystem;C:\Program

Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15

Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.J

SE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program

Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program

Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
paulis
Active Member
 
Posts: 6
Joined: August 18th, 2009, 3:30 am

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby Cypher » August 24th, 2009, 11:01 am

Hi paul.

Illegal Software Detected

While going through your log it has come to my attention that your version of Nero is cracked and that it appears you are actively using it.
There is also clear evidence that you are using keygens.
This forum's policy says we will not help people who use cracked or pirated software.

More information:
Illegal Copies of Software

If you still want me to help you I suggest you purchase a legal copy of the software or remove the cracked software from your computer.
NOTE: If you give me advice that the software has been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are gonig to do & let me know.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby paulis » August 27th, 2009, 5:07 am

Hi i was not aware that the Nero that was installed was not a legitimate copy as it came installed on my PC when i brought it.
If you are still willing to help me i would greatly appreciate it. I have uninstalled this copy and once we have finished this process i will sort out my burning program.

Thanks Paul.
paulis
Active Member
 
Posts: 6
Joined: August 18th, 2009, 3:30 am

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby Cypher » August 27th, 2009, 11:53 am

Hi paul.
Thank you for your cooperation.

First thing I would like you to do is to turn Word Wrap off in Notepad:
  • Open Notepad then on the Toolbar click Format
  • Make sure Word Wrap is unticked then close Notepad

Next

Right click on the Start...button.
Select Explore...from the menu.
Navigate to and find the following files and/or folders: if found, delete them.

C:\RSIT\info.txt

Next

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)


In your next reply.

1. RSIT log.txt file contents and info.txt file contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby paulis » August 28th, 2009, 4:36 am

Thanks here is the Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-08-28 18:33:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 137 GB (29%) free of 477 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:11 PM, on 28/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\VIRGIN BROADBAND\VIRGIN BROADBAND.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Documents and Settings\User\Desktop\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [yejuporaje] Rundll32.exe "C:\WINDOWS\system32\zayuvosu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6AAB28E-500B-45F6-908F-3D9384E61BB4}: NameServer = 123.200.191.17 123.200.191.18
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 8509 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeper_LB564713FDF4745268460C83B25B8BC4B.job
C:\WINDOWS\tasks\wrSpySweeper_LE04E83C346474762855CCEBEEDDABDB1.job
C:\WINDOWS\tasks\wrSpySweeper_LF80B1552B81349948EB3AF9F8C6F0EDD.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-04-02 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-08-22 782336]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-04-02 69632]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-04-06 6345840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-30 1830128]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-10 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2005-11-14 1544099]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-01-10 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\HOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
C:\PROGRA~1\Memeo\AUTOBA~1\MEMEOL~1.EXE [2007-02-08 211992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2007-04-17 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\User\Local Settings\Temp\{DFF19BC6-182E-45AB-A030-EE0C242D8483}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENA /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

C:\Documents and Settings\User\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Telstra\Cable Login\bpcable.exe"="C:\Program Files\Telstra\Cable Login\bpcable.exe:*:Enabled:BigPond Cable Client"
"C:\Program Files\Telstra\Cable Login\bpcService.exe"="C:\Program Files\Telstra\Cable Login\bpcService.exe:*:Enabled:BigPond Cable Client (running as a service)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe:*:Enabled:SpySweeper"
"C:\Program Files\Memeo\AutoBackup\MemeoService.exe"="C:\Program Files\Memeo\AutoBackup\MemeoService.exe:*:Enabled:MemeoService"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe:*:Enabled:PhotoshopElementsFileAgent"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{044710b9-2ae6-11dd-9f50-001a4d9b4919}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e1f279c-8344-11de-b7b4-001a4d9b4919}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42898330-7779-11de-b79f-001a4d9b4919}]
shell\AutoRun\command - M:\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42898331-7779-11de-b79f-001a4d9b4919}]
shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42898334-7779-11de-b79f-001a4d9b4919}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69c2bc33-1798-11de-b727-001a4d9b4919}]
shell\Auto\command - recycled\SVCH0ST.EXE
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\SVCH0ST.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b46e0a7-8088-11de-b7b2-001a4d9b4919}]
shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b46e0a8-8088-11de-b7b2-001a4d9b4919}]
shell\AutoRun\command - L:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca926cf-06ce-11dd-9f27-001a4d9b4919}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca926d1-06ce-11dd-9f27-001a4d9b4919}]
shell\AutoRun\command - F:\.pspware\PSPWareLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c850aa98-8d6d-11de-b7c7-001a4d9b4919}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-08-27 22:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-26 20:36:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-23 12:59:14 ----D---- C:\rsit
2009-08-23 12:58:40 ----D---- C:\Rooter$
2009-08-20 19:42:38 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2009-08-18 17:41:05 ----D---- C:\WINDOWS\ie8updates
2009-08-18 17:38:27 ----HDC---- C:\WINDOWS\ie8
2009-08-16 03:00:43 ----SHD---- C:\Config.Msi
2009-08-16 03:00:43 ----D---- C:\Program Files\MSXML 4.0
2009-08-15 17:07:57 ----D---- C:\Program Files\MSSOAP
2009-08-14 07:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-14 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-12 22:56:24 ----D---- C:\WINDOWS\Minidump
2009-08-04 20:26:22 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-08-03 18:03:42 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-08-03 18:03:42 ----A---- C:\WINDOWS\system32\irmon.dll
2009-08-03 18:03:42 ----A---- C:\WINDOWS\system32\irftp.exe

======List of files/folders modified in the last 1 months======

2009-08-28 18:31:45 ----D---- C:\WINDOWS\Prefetch
2009-08-28 18:31:32 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-08-28 18:27:11 ----D---- C:\Program Files\Mozilla Firefox
2009-08-28 18:05:54 ----D---- C:\WINDOWS\Temp
2009-08-28 18:00:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 15:08:10 ----D---- C:\WINDOWS\system32
2009-08-28 15:07:37 ----A---- C:\WINDOWS\bdagent.INI
2009-08-28 15:05:58 ----D---- C:\WINDOWS
2009-08-27 22:18:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-27 22:18:28 ----HD---- C:\WINDOWS\inf
2009-08-27 22:18:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-27 22:18:20 ----D---- C:\WINDOWS\system32\drivers
2009-08-27 19:09:59 ----D---- C:\WINDOWS\Debug
2009-08-25 20:31:02 ----D---- C:\Program Files\Ahead
2009-08-25 20:30:51 ----D---- C:\Program Files\Common Files\Ahead
2009-08-24 23:00:26 ----D---- C:\WinFast WorkArea
2009-08-24 00:17:23 ----A---- C:\WINDOWS\system32\Dvbpws.dll
2009-08-18 18:37:59 ----D---- C:\WINDOWS\system32\en-US
2009-08-18 18:37:59 ----D---- C:\WINDOWS\Media
2009-08-18 18:37:59 ----D---- C:\WINDOWS\Help
2009-08-18 18:37:59 ----D---- C:\Program Files\Internet Explorer
2009-08-18 17:41:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-17 22:12:48 ----RD---- C:\Program Files
2009-08-16 21:59:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-16 21:58:48 ----D---- C:\Program Files\SpywareBlaster
2009-08-16 03:00:56 ----SHD---- C:\WINDOWS\Installer
2009-08-16 03:00:55 ----D---- C:\WINDOWS\WinSxS
2009-08-15 18:27:38 ----D---- C:\Program Files\LimeWire
2009-08-15 17:15:38 ----SD---- C:\WINDOWS\Tasks
2009-08-15 17:14:44 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2009-08-14 18:13:33 ----D---- C:\Program Files\SpywareGuard
2009-08-14 03:02:07 ----D---- C:\Program Files\Outlook Express
2009-08-13 22:18:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-13 18:58:24 ----SHD---- C:\System Volume Information
2009-08-13 18:58:24 ----D---- C:\WINDOWS\system32\Restore
2009-08-05 19:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 18:04:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-03 18:03:37 ----D---- C:\WINDOWS\security
2009-07-30 10:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-30 06:02:15 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-30 03:00:51 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-08-22 104456]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-01-16 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WFSONORA;WinFast PxDVR3200 H; C:\WINDOWS\system32\drivers\wfsonora.sys [2007-07-31 313472]
S1 soqwx32;soqwx32; \??\C:\WINDOWS\system32\drivers\soqwx32.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 BMUService;AutoBackup; C:\Program Files\Memeo\AutoBackup\MemeoService.exe [2007-02-08 56344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-02 415024]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-08-22 1642360]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2009-04-02 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-08-15 1181040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-01 72704]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-03 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

and the info.txt

info.txt logfile of random's system information tool 1.06 2009-08-28 18:33:14

======Uninstall list======

[Activation] v0.3 Beta 3-->"C:\Program Files\TomTomActivation\Uninstall.exe"
-->C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
-->C:\Program Files\InstallShield Installation Information\{3475FBEC-E0F5-4A3F-823E-6C1DEA10F1AF}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{4067A0B5-FB0B-479C-8735-6F48F8E21872}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E8581ECC-8BEA-4E91-AB5E-587654EBB2A7}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
BitDefender Internet Security 2009-->MsiExec.exe /X{961CE74B-30C0-47D6-ACD9-0C887A5E23F5}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1000-->C:\WINDOWS\system32\CNMCP6e.exe "-PRINTERNAMECanon PIXMA iP1000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FreeAgent Pro Tools-->C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GpsGate-->C:\Program Files\Microsoft ActiveSync\GpsGate\Uninstall.exe GpsGate
HijackThis 2.0.2-->"C:\Documents and Settings\User\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ImTOO MPEG Encoder Platinum-->C:\Program Files\ImTOO\MPEG Encoder Platinum\Uninstall.exe
iTunes-->MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSPWare-->"C:\Program Files\PSPWare\uninstall.exe"
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RollerCoaster Tycoon 3 Platinum-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\SETUP.EXE" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sonic UDF Reader-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe" /Log="C:\DOCUME~1\User\LOCALS~1\Temp\Uninstall.txt"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Drum V1.03-->"C:\Program Files\USB Drum\unins000.exe"
VIRGIN BROADBAND-->C:\Program Files\VIRGIN BROADBAND\uninst.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Mobile® Device Handbook-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast PVR2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\Setup.exe" -l0x9 -removeonly
WinFast PxDVR3200 H Driver -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADB1EEBA-43DD-40C5-B753-F476158EA85E}\setup.exe" -l0x9 -removeonly
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} - C:\WINDOWS\system32\kijafise.dll [2008-12-17]
O2 - BHO: (no name) - {46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} - C:\WINDOWS\system32\kijafise.dll [2008-12-17]
O2 - BHO: (no name) - {46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} - (no file) [2008-12-17]
O2 - BHO: (no name) - {46bb9dcf-c819-4ae7-bac8-38a6acbdeb6b} - C:\WINDOWS\system32\kijafise.dll [2008-12-17]

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall

======System event log======

Computer Name: PAULLOLO-PC
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Record Number: 26733
Source Name: Service Control Manager
Time Written: 20090702115727.000000+600
Event Type: error
User:

Computer Name: PAULLOLO-PC
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\DARYL-9BBC7AD79 on the network \Device\NetBT_Tcpip_{618F225C-A125-47A6-BB72-FC0B13736369}.
The data is the error code.

Record Number: 26724
Source Name: BROWSER
Time Written: 20090701215603.000000+600
Event Type: warning
User:

Computer Name: PAULLOLO-PC
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Record Number: 26667
Source Name: Service Control Manager
Time Written: 20090630212543.000000+600
Event Type: error
User:

Computer Name: PAULLOLO-PC
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Record Number: 26646
Source Name: Service Control Manager
Time Written: 20090629223339.000000+600
Event Type: error
User:

Computer Name: PAULLOLO-PC
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\DARYL-9BBC7AD79 on the network \Device\NetBT_Tcpip_{618F225C-A125-47A6-BB72-FC0B13736369}.
The data is the error code.

Record Number: 26615
Source Name: BROWSER
Time Written: 20090628164310.000000+600
Event Type: warning
User:

=====Application event log=====

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 22
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090702115613.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 17
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090701214338.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 12
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090701130402.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 6
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090630212441.000000+600
Event Type:
User:

Computer Name: PAULLOLO-PC
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 1
Source Name: Adobe Active File Monitor 6.0
Time Written: 20090629223236.000000+600
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
paulis
Active Member
 
Posts: 6
Joined: August 18th, 2009, 3:30 am

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby Cypher » August 28th, 2009, 10:58 am

Hi paul.

Disable BitDefender

1. Right Click on the BitDefender icon in your task bar.
2. Select the advanced Settings.
3. Select Advanced on the down/left corner.
4. You can find a check box there that lets you disable BitDefender.
Please renable BitDefender as soon as Combofix is done.

Next.

You have Spy Sweeper running
This is good as Spy Sweeper protects you from many malicious changes to your registry. However, Spy Sweeper is a computer program, which has no way of distinguishing between good or malicous intentions; this means it might hinder the modifications I need to make to your system. This means that Spy Sweeper will need to be disabled until you have been cleaned of malware.

  • Start Spy Sweeper
  • Select Options and then Program Options
  • Uncheck the option Load at Windows Startup
  • Select Shields and uncheck all there
  • Uncheck Home page shield
  • Uncheck automatically restore default without notification
  • Reboot your machine to complete the process

When I give you the all-clear post, remember to reenable it!

Next.

Disable SUPERAntiSpyware
Programs like SUPERAntiSpyware, may interfere with the fix, so we need to temporarily disable it.
  • Right-click on the SUPERAntiSpyware icon, in the system tray.
  • Choose View Control Center... "Preferences/options" button/tab.
  • On the General and Startup...tab, uncheck, "Start SUPERAntiSpyware when Windows starts"
  • click Close to exit.
Don't forget to enable your SUPERAntiSpyware protection, when your computer is clean.

Next

Disable SpywareGuard until the computer is clean

  • Right click the running icon of Spywareguard, it will open the program.
  • Then go to Menu, file, exit.
  • Then confirm the program is closed.
Don't forget to re-enable it, when your computer is clean.

Next.

Download and Run ComboFix

  • Please download ComboFix, and find instructions on how to properly run it from Here
    Make sure you install the recovery console if asked to.
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. Normal scan time is 10-20 minutes. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

In your next reply.

1. ComboFix log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby paulis » August 29th, 2009, 1:36 am

Here is the Combofix log

ComboFix 09-08-28.01 - User 29/08/2009 13:52.1.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1401 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1beb79e.msp
c:\windows\Installer\1e155ae.msp
c:\windows\Installer\475af7.msp
c:\windows\Installer\67e6f0.msp
c:\windows\Installer\92ce0.msp
c:\windows\Installer\cf77a2.msp
c:\windows\Installer\fa2867.msp
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\_004335_.tmp.dll
c:\windows\system32\_004336_.tmp.dll
c:\windows\system32\_004343_.tmp.dll
c:\windows\system32\_004344_.tmp.dll
c:\windows\system32\_004345_.tmp.dll
c:\windows\system32\_004346_.tmp.dll
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004348_.tmp.dll
c:\windows\system32\_004349_.tmp.dll
c:\windows\system32\_004350_.tmp.dll
c:\windows\system32\_004351_.tmp.dll
c:\windows\system32\_004352_.tmp.dll
c:\windows\system32\_004353_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004356_.tmp.dll
c:\windows\system32\_004357_.tmp.dll
c:\windows\system32\_004359_.tmp.dll
c:\windows\system32\_004360_.tmp.dll
c:\windows\system32\_004362_.tmp.dll
c:\windows\system32\_004363_.tmp.dll
c:\windows\system32\_004367_.tmp.dll
c:\windows\system32\_004368_.tmp.dll
c:\windows\system32\_004370_.tmp.dll
c:\windows\system32\_004371_.tmp.dll
c:\windows\system32\_004372_.tmp.dll
c:\windows\system32\_004373_.tmp.dll
c:\windows\system32\_004374_.tmp.dll
c:\windows\system32\_004375_.tmp.dll
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004377_.tmp.dll
c:\windows\system32\_004378_.tmp.dll
c:\windows\system32\_004379_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004382_.tmp.dll
c:\windows\system32\_004383_.tmp.dll
c:\windows\system32\_004384_.tmp.dll
c:\windows\system32\_004385_.tmp.dll
c:\windows\system32\_004386_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004390_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_004393_.tmp.dll
c:\windows\system32\_004394_.tmp.dll
c:\windows\system32\_004396_.tmp.dll
c:\windows\system32\_004397_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004400_.tmp.dll
c:\windows\system32\_004403_.tmp.dll
c:\windows\system32\_004404_.tmp.dll
c:\windows\system32\_004408_.tmp.dll
c:\windows\system32\_004409_.tmp.dll
c:\windows\system32\_004411_.tmp.dll
c:\windows\system32\_004414_.tmp.dll
c:\windows\system32\_004416_.tmp.dll
c:\windows\system32\_004417_.tmp.dll
c:\windows\system32\_004418_.tmp.dll
c:\windows\system32\_004419_.tmp.dll
c:\windows\system32\_004422_.tmp.dll
c:\windows\system32\_004423_.tmp.dll
c:\windows\system32\_004424_.tmp.dll
c:\windows\system32\_004425_.tmp.dll
c:\windows\system32\_004426_.tmp.dll
c:\windows\system32\_004431_.tmp.dll
c:\windows\system32\_004433_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\Dvbpws.dll
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET98E.tmp
J:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-23 02:59 . 2009-08-28 08:33 -------- d-----w- C:\rsit
2009-08-23 02:58 . 2009-08-23 02:58 -------- d-----w- C:\Rooter$
2009-08-18 08:51 . 2009-08-18 08:51 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2009-08-18 08:50 . 2009-08-18 08:50 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2009-08-18 08:38 . 2009-08-18 08:38 -------- d-sh--w- c:\documents and settings\User\IETldCache
2009-08-18 07:41 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-18 07:41 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-18 07:41 . 2009-08-18 07:41 -------- d-----w- c:\windows\ie8updates
2009-08-18 07:40 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-18 07:38 . 2009-08-18 07:40 -------- dc-h--w- c:\windows\ie8
2009-08-15 17:00 . 2009-08-15 17:00 -------- d-----w- c:\program files\MSXML 4.0
2009-08-15 08:06 . 2006-02-28 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-15 08:06 . 2006-02-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-15 07:07 . 2009-08-15 07:07 -------- d-----w- c:\program files\MSSOAP
2009-08-13 12:06 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 12:29 . 2009-08-12 12:29 164 ----a-w- c:\windows\install.dat
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 08:03 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-08-03 08:03 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\irftp.exe
2009-08-03 08:03 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-08-03 08:03 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-08-03 08:03 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-08-03 08:03 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\irmon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 03:44 . 2009-06-13 08:19 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-29 03:42 . 2008-07-09 22:03 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-25 10:31 . 2008-07-12 10:08 -------- d-----w- c:\program files\Ahead
2009-08-25 10:30 . 2008-01-09 07:30 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-22 08:01 . 2008-10-17 03:01 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-08-16 11:59 . 2008-10-15 06:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 11:58 . 2008-10-15 06:52 -------- d-----w- c:\program files\SpywareBlaster
2009-08-15 08:27 . 2008-02-20 11:23 -------- d-----w- c:\program files\LimeWire
2009-08-15 07:14 . 2008-02-19 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-08-14 08:13 . 2008-10-15 06:58 -------- d-----w- c:\program files\SpywareGuard
2009-08-13 12:18 . 2008-12-18 01:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 12:15 . 2009-02-07 05:28 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 03:36 . 2008-12-18 01:10 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 03:36 . 2008-12-18 01:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 20:02 . 2009-06-13 08:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-23 12:12 . 2009-07-23 12:06 -------- d-----w- c:\program files\VIRGIN BROADBAND
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 06:08 . 2008-01-27 19:26 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-07-13 13:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-09-14 10:17 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-09-14 10:17 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-09-14 10:17 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-09-14 10:17 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2008-09-14 10:17 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 23:19 . 2008-01-09 06:47 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-04-02 10:50 . 2008-10-30 06:34 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-29 1830128]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-08-22 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-02 69632]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
backup=c:\windows\pss\AutoBackup Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"=
"c:\\Program Files\\Memeo\\AutoBackup\\MemeoService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\PhotoshopElementsFileAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/04/2009 2:30 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [4/09/2008 3:33 PM 82696]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [15/08/2009 5:08 PM 1181040]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 10:09 AM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [17/10/2008 1:01 PM 104456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]
R3 WFSONORA;WinFast PxDVR3200 H;c:\windows\system32\drivers\wfsonora.sys [11/08/2008 6:34 PM 313472]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [10/09/2007 11:45 PM 124832]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 11:06 AM 118784]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [9/02/2008 8:46 PM 20856]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [11/08/2008 6:39 PM 9446]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\wrSpySweeper_LB564713FDF4745268460C83B25B8BC4B.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-02-19 03:32]

2009-08-28 c:\windows\Tasks\wrSpySweeper_LB564713FDF4745268460C83B25B8BC4B.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-02-19 03:32]

2009-08-26 c:\windows\Tasks\wrSpySweeper_LE04E83C346474762855CCEBEEDDABDB1.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-02-19 03:32]

2009-08-26 c:\windows\Tasks\wrSpySweeper_LE04E83C346474762855CCEBEEDDABDB1.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-02-19 03:32]

2009-08-28 c:\windows\Tasks\wrSpySweeper_LF80B1552B81349948EB3AF9F8C6F0EDD.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-02-19 03:32]

2009-08-28 c:\windows\Tasks\wrSpySweeper_LF80B1552B81349948EB3AF9F8C6F0EDD.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-02-19 03:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyServer = 192.104.67.250:8080
uInternet Settings,ProxyOverride = *.local
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxp://bigpondmusic.com/activex/multidownx.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\n4p69l3w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.bigpond.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 14:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-29 14:21
ComboFix-quarantined-files.txt 2009-08-29 04:21

Pre-Run: 143,291,723,776 bytes free
Post-Run: 144,055,480,320 bytes free

300 --- E O F --- 2009-08-27 12:18
paulis
Active Member
 
Posts: 6
Joined: August 18th, 2009, 3:30 am

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby Cypher » August 30th, 2009, 12:38 pm

Hi paul.

Is there some reason you did not install the Recovery Console. With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Go to Microsoft's website => http://support.microsoft.com/kb/310994
  • Select the download that's appropriate for your Operating System
    Image
  • Download the file & save it as it's originally named. Save the file to the desktop of your computer
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    Image
  • Drag the setup package onto ComboFix.exe and drop it
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console
    Image
  • At the next prompt, click No to exit

Next.

Disable BitDefender

1. Right Click on the BitDefender icon in your task bar.
2. Select the advanced Settings.
3. Select Advanced on the down/left corner.
4. You can find a check box there that lets you disable BitDefender.
Please renable BitDefender as soon as Combofix is done.

Next

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    File::
    C:\WINDOWS\system32\zayuvosu.dll
    C:\WINDOWS\bdagent.INI
    c:\windows\system32\drivers\soqwx32.sys
    
    Folder::
    c:\documents and settings\User\Application Data\uTorrent
    C:\Program Files\LimeWire
    C:\DOCUME~1\User\Desktop\Programs\Garmin Mobile XT for Windows Mobile v.5.00.20w
    C:\DOCUME~1\User\Desktop\Programs\Tomtom navigator V_7 Western Europe by hackwarez-crew.com
    C:\DOCUME~1\User\My Documents\Old PC\To Be Moved\downloads\3Gp Video Converter
    C:\DOCUME~1\User\Desktop\Programs\Nero 9.2.5.0+Keygen[h33t]MasterUploader
    
    Driver::
    soqwx32.sys
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.
** Enable your Antivirus before connecting to the Internet again! **

In your next reply.

1. ComboFix log.
2. Please tell me how your computer is performing now.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Please Help virtumonde Kobcka.rootkit also HUER rootkit

Unread postby silver » September 3rd, 2009, 9:41 pm

Due to a Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware