Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Clean or not?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Clean or not?

Unread postby mdr » October 1st, 2009, 12:34 am

As another computer in my network had been infected, I ran Combofix (downloaded from geekstogo) on my own computer, although my virusscanner and online ones reported no problems (OK, maybe I should have posted a hijackthis log here first, sorry).
The results of Combofix were:

ComboFix 09-09-29.04 - Administrator 09/30/2009 21:58.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2510 [GMT 2:00]
Running from: c:\documents and settings\mdr\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\AUTOLNCH.REG
c:\windows\Installer\d418e6.msi
c:\windows\Installer\WMEncoder.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-26 15:33 . 2009-09-26 15:33 -------- d-----w- c:\documents and settings\mdr\Local Settings\Application Data\Temp
2009-09-10 19:42 . 2009-09-10 19:43 -------- d-----w- c:\documents and settings\mdr\Application Data\HpUpdate
2009-09-10 19:42 . 2009-09-10 19:42 -------- d-----w- c:\windows\Hewlett-Packard
2009-09-08 17:26 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 19:55 . 2007-01-04 21:40 -------- d-----w- c:\documents and settings\mdr\Application Data\Comodo
2009-09-30 19:55 . 2007-01-04 21:35 -------- d-----w- c:\program files\Comodo
2009-09-30 19:51 . 2006-01-27 20:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-30 19:50 . 2006-01-27 20:39 -------- d-----w- c:\program files\Symantec
2009-09-30 19:50 . 2006-01-27 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-29 19:54 . 2008-03-01 22:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-29 19:54 . 2007-10-07 11:04 -------- d-----w- c:\program files\SpywareBlaster
2009-09-28 19:57 . 2009-07-31 20:31 -------- d-----w- c:\documents and settings\mdr\Application Data\FileZilla
2009-09-26 15:34 . 2006-10-03 19:20 -------- d-----w- c:\program files\Google
2009-09-21 05:31 . 2009-07-19 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 13:04 . 2009-07-31 20:31 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-12 18:07 . 2007-05-02 02:58 -------- d-----w- c:\program files\Java
2009-09-10 20:12 . 2006-01-28 09:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 19:43 . 2006-09-30 12:19 -------- d-----w- c:\program files\HP
2009-09-10 12:54 . 2009-07-19 11:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-07-19 11:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 14:44 . 2007-12-27 18:19 -------- d-----w- c:\program files\PeerGuardian2
2009-08-09 21:38 . 2009-07-07 04:12 -------- d-----w- c:\program files\Panda Security
2009-08-06 17:53 . 2009-08-06 17:53 -------- d-----w- c:\program files\Softland
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-02 13:45 . 2009-08-02 13:45 -------- d-----w- c:\documents and settings\mdr\Application Data\Artisteer
2009-07-25 03:23 . 2008-12-17 14:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 09:22 . 2009-07-13 09:22 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-09 15:29 . 2009-07-09 15:29 103728 ----a-w- c:\windows\system32\sqlfunc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"EfreeSoft Boss Key"="c:\program files\Mgboss\mgboss.exe" [2005-08-03 261632]
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-01-30 423364]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-01-30 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-08-18 600008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S2 gupdate1c9dada2d0a77da;Google Updateservice (gupdate1c9dada2d0a77da);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2009 2:38 PM 133104]
S3 BS_DEF;BS_DEF;c:\windows\BS_DEF.sys [7/12/2008 11:53 AM 48579]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [10/14/2007 5:36 PM 166504]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [9/12/2008 5:38 PM 21888]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [4/4/2008 10:02 AM 87424]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [1/29/2006 8:40 PM 14095]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [7/13/2009 11:22 AM 644096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-09-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 12:36]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 12:38]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 12:38]

2009-09-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-09 07:22]

2009-09-30 c:\windows\Tasks\SyncBackSE Backup Data bestanden van C.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2008-01-27 15:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-COMODO Firewall Pro - c:\program files\Comodo\Firewall\cfp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 22:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-30 22:02
ComboFix-quarantined-files.txt 2009-09-30 20:02

Pre-Run: 267,710,193,664 bytes free
Post-Run: 267,661,475,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

164 --- E O F --- 2009-09-20 16:25


I just now downloaded Hijackthis 2.02 from Trendmicro. A run resulted in:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:32, on 1-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Mgboss\mgboss.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hcc.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EfreeSoft Boss Key] "C:\Program Files\Mgboss\mgboss.exe" -min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8413972359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8317616765
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updateservice (gupdate1c9dada2d0a77da) (gupdate1c9dada2d0a77da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9376 bytes

Can anyone inform me about any suspicious items left?
Thanks in advance!
mdr
Regular Member
 
Posts: 23
Joined: September 13th, 2007, 11:19 am
Advertisement
Register to Remove

Re: Clean or not?

Unread postby turtledove » October 5th, 2009, 8:17 pm

Hello mdr and welcome to the forums :)

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested*
**Please be sure you have read the Notice about Peer to Peer File Sharing Programs at the top of this forum**
Link: http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=33112
*If you can do the above all should go well.

**As I am an Undergrad, my responses will be approved by an Expert/Teacher before I post to you; therefore it may take a tad bit more time to reply.
Thanks for your patience.


Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.

Step 1
Please make an Uninstall list :
To access the Uninstall Manager, please do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.

Step 2
Rerun HijackThis and Save the log.

Post the New HijackThis and the Uninstall list using the Reply button.

Thank you
turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Clean or not?

Unread postby mdr » October 6th, 2009, 4:37 pm

Hi turtledove,

Indeed good to do a rerun of everything.
I did a check yesterday with the Malwarebytes Antymalware prog and it came up with another infection. I deleted it ("worm agent" according to the prog).
For now, I will stop doing things by myself and will await your answers.
Thanks in advance!

So, here is the requested information of the uninstall manager:

Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
ABN AMRO e.dentifier2 software
ABN AMRO Electronic Banking
ACDSee 7.0 PowerPack
Acronis True Image
Active@ UNDELETE Enterprise (Network Edition)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.6
Adobe Shockwave Player 11
Advanced SystemCare 3
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AxCrypt (Remove Only)
Bonjour
Carbonite
Citrix XenApp Web Plugin
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Creative Audio Console
Creative Video Blaster WebCam 3 USB/WebCam Plus Driver
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Professional 3.3
CutePDF Writer 2.6
Dual-Core Optimizer
EfreeSoft Boss Key Version 3.30
Eraser
Eraser
eWebEditPro 2.0 Client
Free 3GP Video Converter version 2.4
Free Mp3 Wma Converter V 1.8.0
Free Video Dub version 1.2
Free YouTube to iPod Converter version 2.8
GdiplusUpgrade
Google Earth
Google Earth Plug-in
Google Update Helper
Google Updater
Heroes of Might and Magic® IV: Winds of War
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Assistant
HP Scanjet 4370
HP Solution Center & Imaging Support Tools 5.3
HP Update
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.70 Basic
LimeWire Plus 1.6
LiveUpdate 2.0 (Symantec Corporation)
Logitech iTouch Software
Malwarebytes' Anti-Malware
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Ultra Edition
Nero BurnRights
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
QuickTime
RegVac Registry Cleaner 4.02 (Registered Version)
Revo Uninstaller 1.83
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Smart Defrag 1.20
SpamBayes 1.0.4
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.2
SuperCleaner
Symantec AntiVirus
SyncBackSE
TomTom HOME
Uninstall 1.0.0.0
Unit 4 Agresso PDF printer (novaPDF 6.2 printer)
Unit 4 Multivers
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage v1.3.0254.0
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WinRAR archiver

The new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:08, on 6-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Mgboss\mgboss.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hcc.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EfreeSoft Boss Key] "C:\Program Files\Mgboss\mgboss.exe" -min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8413972359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8317616765
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (http://www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updateservice (gupdate1c9dada2d0a77da) (gupdate1c9dada2d0a77da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9815 bytes
mdr
Regular Member
 
Posts: 23
Joined: September 13th, 2007, 11:19 am

Re: Clean or not?

Unread postby turtledove » October 10th, 2009, 3:57 am

Hello mdr, sorry for the delay, we are very busy of late. Thank you for the logs. A few items to start with.
*Please copy/print all instructions and follow in order*
**Please run no other tools/scans unless asked**


Step 1
Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

LimeWire Plus 1.6

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore..

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For a fully explanation of our policy, please read the following P2P Program Policy.

**The following program remove also, as it can be problematic in removing malware.

    PeerGuardian2

    The following are outdated and vulnerable, we will update Adobe later:
    Adobe Reader 8.1.6
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

You can uninstall these programs in the Control Panel -> Add/remove Programs. Please do so before continuing.



Step 2

Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.



Step 3

Please go to C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Post that log please.

**Important**
You are using Comodo Suite and Symantec Anti Virus. Using two Anti Virus products will slow down your system, as well as cause conflicting results.
Please let me know if you are using ALL of the Comodo Suite, and if so, we need to uninstall Symantec; especially if it is out of date.

****Note: Do NOT run Combofix again without being guided by a trained helper. It can lead to many issues if used incorrectly.


Did you install this: EfreeSoft Boss Key? Please answer in next post.



Post
C:\RSIT\ log.txt and info.txt
C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\[b]mbam-log-date
Which Anti Virus you prefer, and is current and which to uninstall
Also, from your uninstall list, the top listed program-- what language is that?
Thank you

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Clean or not?

Unread postby mdr » October 10th, 2009, 8:22 am

Hi TD,

I removed the programs you mentioned.
However, please advise on a simple pdf reader, I cannot do without one. Maybe Sumatra pdf, from http://blog.kowalczyk.info/article/Suma ... lease.html?

OK, this is the log.txt from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by mdr at 2009-10-10 13:57:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 254 GB (89%) free of 286 GB
Total RAM: 3071 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:35, on 10-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Mgboss\mgboss.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mdr\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mdr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hcc.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EfreeSoft Boss Key] "C:\Program Files\Mgboss\mgboss.exe" -min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SuperCleaner] "C:\Program Files\SuperCleaner\SuperCleaner.exe" /h/b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8413972359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8317616765
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (http://www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updateservice (gupdate1c9dada2d0a77da) (gupdate1c9dada2d0a77da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9320 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\SyncBackSE Backup Data bestanden van C.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D41289F2-69C6-417B-897E-C653D677CBAF}]
CutePDF Form Filler Helper - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll [2006-10-23 493368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2003-05-16 163840]
"EfreeSoft Boss Key"=C:\Program Files\Mgboss\mgboss.exe [2005-08-03 261632]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456]
"Acronis True Image Monitor"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2006-01-30 423364]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-01-30 90112]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"Carbonite Backup"=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [2008-08-18 600008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"COMODO Internet Security"=C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [2009-09-30 1799952]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SuperCleaner"=C:\Program Files\SuperCleaner\SuperCleaner.exe [2009-01-11 569344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\ntvdm.exe"="C:\WINDOWS\system32\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adea8c84-6f8e-11de-9e2d-0015f24d2e92}]
shell\AutoRun\command - G:\AutoInst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a4650e-8719-11dd-bce8-0015f24d2e92}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-10-10 13:57:40 ----D---- C:\rsit
2009-10-01 06:24:03 ----D---- C:\Program Files\Trend Micro
2009-09-30 22:36:37 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-09-30 22:36:35 ----A---- C:\WINDOWS\system32\guard32.dll
2009-09-30 22:24:42 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-09-30 22:24:40 ----D---- C:\Program Files\Symantec
2009-09-30 22:24:36 ----D---- C:\Program Files\Symantec AntiVirus
2009-09-30 22:06:26 ----SHD---- C:\RECYCLER
2009-09-30 22:02:09 ----D---- C:\WINDOWS\temp
2009-09-30 22:02:07 ----A---- C:\ComboFix.txt
2009-09-30 21:57:57 ----A---- C:\Boot.bak
2009-09-30 21:57:55 ----RASHD---- C:\cmdcons
2009-09-30 21:57:03 ----A---- C:\WINDOWS\zip.exe
2009-09-30 21:57:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-30 21:57:03 ----A---- C:\WINDOWS\SWSC.exe
2009-09-30 21:57:03 ----A---- C:\WINDOWS\SWREG.exe
2009-09-30 21:57:03 ----A---- C:\WINDOWS\sed.exe
2009-09-30 21:57:03 ----A---- C:\WINDOWS\PEV.exe
2009-09-30 21:57:03 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-30 21:57:03 ----A---- C:\WINDOWS\grep.exe
2009-09-30 21:56:59 ----D---- C:\WINDOWS\ERDNT
2009-09-30 21:56:43 ----D---- C:\Qoobox
2009-09-30 21:50:24 ----D---- C:\Config.Msi
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\zh-TW
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\zh-HK
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\tr-TR
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\sv-SE
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\pt-BR
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\nl-NL
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\nb-NO
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\ko-KR
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\it-IT
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\he-IL
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\fr-FR
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\fi-FI
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\es-ES
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\el-GR
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\de-DE
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\da-DK
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\ar-SA
2009-09-12 20:07:22 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-12 20:07:22 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-12 20:07:22 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-10-10 13:57:59 ----D---- C:\WINDOWS\Prefetch
2009-10-10 13:49:49 ----A---- C:\WINDOWS\iTouch.ini
2009-10-10 13:49:20 ----SD---- C:\WINDOWS\Tasks
2009-10-10 13:49:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-10 13:48:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-10 13:47:57 ----A---- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000008-10211102}.BAK
2009-10-10 13:45:51 ----SHD---- C:\WINDOWS\Installer
2009-10-10 13:45:47 ----D---- C:\WINDOWS\WinSxS
2009-10-10 13:45:19 ----D---- C:\Program Files\Common Files\Adobe
2009-10-10 13:45:19 ----D---- C:\Program Files\Adobe
2009-10-10 13:45:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-10 13:44:51 ----D---- C:\WINDOWS\system32
2009-10-10 13:43:53 ----RD---- C:\Program Files
2009-10-10 13:42:30 ----D---- C:\Documents and Settings\mdr\Application Data\LimeWirePlus
2009-10-10 13:40:03 ----D---- C:\Program Files\Java
2009-10-10 13:00:27 ----SHD---- C:\System Volume Information
2009-10-10 13:00:14 ----D---- C:\WINDOWS\repair
2009-10-10 12:34:46 ----D---- C:\WINDOWS\Registration
2009-10-10 12:25:34 ----D---- C:\WINDOWS
2009-10-10 11:06:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-09 22:42:55 ----D---- C:\Documents and Settings\mdr\Application Data\FileZilla
2009-10-08 23:03:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-08 23:03:00 ----D---- C:\Program Files\SpywareBlaster
2009-10-08 20:56:53 ----A---- C:\WINDOWS\HNKZ.INI
2009-10-08 20:55:28 ----A---- C:\WINDOWS\cdlli42.INI
2009-10-07 21:30:58 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-05 17:38:39 ----D---- C:\Program Files\FileZilla FTP Client
2009-09-30 23:27:32 ----D---- C:\Program Files\Comodo
2009-09-30 22:36:35 ----D---- C:\WINDOWS\system32\drivers
2009-09-30 22:25:04 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-30 22:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-09-30 22:17:35 ----D---- C:\WINDOWS\system32\config
2009-09-30 22:15:35 ----D---- C:\WINDOWS\system32\RegVac
2009-09-30 22:10:50 ----D---- C:\Program Files\RegVac Registry Cleaner
2009-09-30 22:02:14 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-30 22:00:58 ----A---- C:\WINDOWS\system.ini
2009-09-30 22:00:08 ----D---- C:\WINDOWS\AppPatch
2009-09-30 22:00:06 ----D---- C:\Program Files\Common Files
2009-09-30 21:57:57 ----RASH---- C:\boot.ini
2009-09-30 21:55:25 ----D---- C:\Documents and Settings\mdr\Application Data\Comodo
2009-09-28 21:51:54 ----D---- C:\WINDOWS\twain_32
2009-09-28 21:37:49 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-26 17:34:37 ----D---- C:\Program Files\Google
2009-09-24 23:42:04 ----D---- C:\Documents and Settings
2009-09-23 23:49:47 ----HD---- C:\WINDOWS\inf
2009-09-21 07:31:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-20 18:36:50 ----D---- C:\Temp
2009-09-20 18:25:25 ----D---- C:\WINDOWS\system32\en-US
2009-09-20 06:11:17 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-09-30 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-09-30 25160]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-07-13 21419]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-01-30 29824]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091009.008\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091009.008\navex15.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2003-05-16 19072]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdPPM;Stuurprogramma voor AMD HwPState processor; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 BS_DEF;BS_DEF; \??\C:\WINDOWS\BS_DEF.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM); C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2001-11-07 166504]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\WINDOWS\system32\DRIVERS\aabed2.sys [2008-03-20 21888]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2008-04-04 87424]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\system32\drivers\lccfltr.sys [2004-03-03 14095]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-10-29 644096]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-01-30 159744]
R2 Apple Mobile Device;Mobiel Apple apparaat; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2008-08-18 1699784]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2009-09-30 723632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 gupdate1c9dada2d0a77da;Google Updateservice (gupdate1c9dada2d0a77da); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

The info.txt file:

info.txt logfile of random's system information tool 1.06 2009-10-10 13:58:39

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Aangifte inkomstenbelasting 2007-->C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
Aangifte inkomstenbelasting 2008-->C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2008\ib2008u.exe
ABN AMRO e.dentifier2 software-->MsiExec.exe /X{D820BECD-97D3-4942-B6CF-1B670CA7690C}
ABN AMRO Electronic Banking-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\ABNAMRO\HNKZ\INSTALL.LOG
ACDSee 7.0 PowerPack-->MsiExec.exe /I{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}
Acronis True Image-->C:\Program Files\Acronis\TrueImage\uninstall.exe
Active@ UNDELETE Enterprise (Network Edition) -->C:\PROGRA~1\ACTIVE~2\ACTIVE~1\UNWISE.EXE C:\PROGRA~1\ACTIVE~2\ACTIVE~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Carbonite-->C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe /remove
Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Video Blaster WebCam 3 USB/WebCam Plus Driver-->C:\WINDOWS\ctdrvins.exe -uninstall usb\vid_05a9&pid_0511 -plugin webc3pin.dll -pluginres webc3pin.crl
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Professional 3.3-->MsiExec.exe /I{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}
CutePDF Writer 2.6-->C:\WINDOWS\system32\uninscpw.exe C:\Program Files\
Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
EfreeSoft Boss Key Version 3.30-->"C:\Program Files\Mgboss\unins000.exe"
Eraser-->"C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
eWebEditPro 2.0 Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADAE6A0F-3038-4F17-8B6F-F29CFBDCFD42}\setup.exe"
Free 3GP Video Converter version 2.4-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Free Video Dub version 1.2-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
Free YouTube to iPod Converter version 2.8-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth Plug-in-->MsiExec.exe /X{FE24D361-A3E8-11DE-88F3-005056806466}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Heroes of Might and Magic® IV: Winds of War-->C:\WINDOWS\IsUninst.exe -f"d:\games\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Scanjet 4370-->C:\Program Files\HP\Digital Imaging\{2766C573-EFD3-4f15-83A5-2788B48994F0}\setup\hpzscr01.exe -datfile hpgscr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 2.70 Basic-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaJoin-->"C:\Documents and Settings\All Users\Application Data\{4588FC3C-C040-44E3-BB19-D9D014557FE1}\setup_mj.exe" REMOVE=TRUE MODIFY=FALSE
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools-->MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RegVac Registry Cleaner 4.02 (Registered Version)-->"C:\Program Files\RegVac Registry Cleaner\unins000.exe"
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Smart Defrag 1.20-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
SpamBayes 1.0.4-->"C:\Program Files\SpamBayes\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SuperCleaner-->"C:\Program Files\SuperCleaner\Uninst.exe" C:\Program Files\SuperCleaner\Uninst.ini
Symantec AntiVirus-->MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
SyncBackSE-->"C:\Program Files\2BrightSparks\SyncBackSE\unins000.exe"
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unit 4 Agresso PDF printer (novaPDF 6.2 printer)-->"C:\Program Files\Softland\novaPDF 6\unins000.exe"
Unit 4 Multivers-->MsiExec.exe /X{AD5FE8BA-992F-4EC3-82D8-3BECC109FD4E}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Mobile® Device Handbook-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======Security center information======

FW: COMODO Firewall

======System event log======

Computer Name: CC1
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 137416
Source Name: Service Control Manager
Time Written: 20090930220056.000000+120
Event Type: error
User:

Computer Name: CC1
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 137412
Source Name: Service Control Manager
Time Written: 20090930215841.000000+120
Event Type: error
User:

Computer Name: CC1
Event Code: 7034
Message: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Record Number: 137407
Source Name: Service Control Manager
Time Written: 20090930215715.000000+120
Event Type: error
User:

Computer Name: CC1
Event Code: 7034
Message: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Record Number: 137406
Source Name: Service Control Manager
Time Written: 20090930215715.000000+120
Event Type: error
User:

Computer Name: CC1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 137122
Source Name: W32Time
Time Written: 20090928220746.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: CC1
Event Code: 1004
Message: Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync', component '{13611E77-B9F9-43C7-85A6-1CB12FD67A1D}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows CE Services\Defname' does not exist.

Record Number: 33602
Source Name: MsiInstaller
Time Written: 20091003235951.000000+120
Event Type: warning
User: CC1\pr

Computer Name: CC1
Event Code: 1001
Message: Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync' failed during request for component '{25AE009D-012F-4A42-A341-259F0FB629A0}'

Record Number: 33599
Source Name: MsiInstaller
Time Written: 20091003235948.000000+120
Event Type: warning
User: CC1\pr

Computer Name: CC1
Event Code: 1004
Message: Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync', component '{13611E77-B9F9-43C7-85A6-1CB12FD67A1D}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows CE Services\Defname' does not exist.

Record Number: 33598
Source Name: MsiInstaller
Time Written: 20091003235948.000000+120
Event Type: warning
User: CC1\pr

Computer Name: CC1
Event Code: 1001
Message: Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync' failed during request for component '{25AE009D-012F-4A42-A341-259F0FB629A0}'

Record Number: 33595
Source Name: MsiInstaller
Time Written: 20091003235945.000000+120
Event Type: warning
User: CC1\pr

Computer Name: CC1
Event Code: 1004
Message: Detection of product '{99052DB7-9592-4522-A558-5417BBAD48EE}', feature 'ActiveSync', component '{13611E77-B9F9-43C7-85A6-1CB12FD67A1D}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows CE Services\Defname' does not exist.

Record Number: 33594
Source Name: MsiInstaller
Time Written: 20091003235945.000000+120
Event Type: warning
User: CC1\pr

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Unit4\Unit 4 Multivers\Bin;C:\Program Files\Unit4\Unit 4 Multivers\bin;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

The last Malwarebytes log file of the scan that found something The two after that are clean):

Malwarebytes' Anti-Malware 1.41
Database version: 2910
Windows 5.1.2600 Service Pack 3 (Safe Mode)

6-10-2009 6:30:21
mbam-log-2009-10-06 (06-30-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 249885
Time elapsed: 31 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4DA77F6B-B2ED-4F95-B5EC-373934F1C3D7}\RP31\A0006601.sys (Worm.Agent) -> Quarantined and deleted successfully.

For the rest: Yes, the Efreesoft Boss key I installed myself.
Furthermore: I use just the Comodo Firewall, not the antivirus or anything else from that Comodo package. I know not to use two antivirus programs at the same time and will stick to Symantec.
The last question to answer: the language is Dutch.
Those programs we use to calculate the yearly tax we have to pay. They can be downloaded from the Dutch equivalent of IRS in the USA. We have to pay tax here too and a lot more than in the USA.... :-(
But, this is not a tax forum, so let's skip that issue.

I will be looking forward to your answer.
mdr
Regular Member
 
Posts: 23
Joined: September 13th, 2007, 11:19 am

Re: Clean or not?

Unread postby turtledove » October 12th, 2009, 11:42 am

Hello mdr,

Thank you for the logs.
Looking at the HijackThis log and the other information supplied in RSIT you've supplied, the set up and the software running makes it look like the computer is used in/for a business or a company supplied computer. If this is the case, you would be best to contact your IT/Computing team for help as there may be specific settings that only they would know about. We, at Malware Removal, would not know these specific settings and may innocently make changes that could cause some of your computer's functions to stop working.

Can you please confirm whether your computer is a personal or a business / corporate computer.

Thank you

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Clean or not?

Unread postby mdr » October 12th, 2009, 5:15 pm

Hi TD,

Yes, you are right.
However, I own the company and there are no other people here (unless I hire them) who can tell.
Everything has run smoothly for the past nine years...
So, if you think there are risks involved, I could always first make a full backup with imaging software.
But maybe better to discuss first: What are the things that still look suspicious?
I may be able to tell myself where they are from?

Thanks,
mdr
mdr
Regular Member
 
Posts: 23
Joined: September 13th, 2007, 11:19 am

Re: Clean or not?

Unread postby turtledove » October 13th, 2009, 11:23 am

Hello mdr,

As this is business related, we must suggest you take your computer to a local repair or Computer store for fixing. As our site and others online are set up for only home personal non business assistance. There are liabilities our sites can not take chances with when working with business computers. WinPatrol is great along with your Anti Virus and Firewall. Your selection for a PDF Reader is also a good one.

We wish you the best in the future. Post back that you have seen this and are okay to close this topic.

Thank you

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Clean or not?

Unread postby mdr » October 13th, 2009, 3:11 pm

TD,

Can't say I am happy with this response.
In fact, it's quite dissappointing.
And not at all what I expected.
Never knew my frankness could be so rewarding.
All the best,

MDR
mdr
Regular Member
 
Posts: 23
Joined: September 13th, 2007, 11:19 am

Re: Clean or not?

Unread postby silver » October 14th, 2009, 8:56 pm

This topic is now closed

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware