Please Help! HijackThis Diagnose

hyperlite2008

Ok so I have been literally trying to remove spyware, Trojans, and other viruses from computer for over 4 days. I am not that computer friendly but I have been reading and reading and talking to computer friendly people and still once I think I have got rid of all the stuff in my computer it comes back again. I have swept my computer with Spy Sweeper, PC Doctor, and Norton Anti-Virus all about 10 times a piece on different days. I have quarantined and deleted, I have manually went in and deleted individual items including in Reg Keys and some stuff which I will delete and then I will scan a couple hours later and the same thing is back. Usually Virtumonde and some Trojan/Win32. I am currently a undergrad student and not being able to use my computer is killing me. I would really appreciate any ideas or help. I have included the HijackThis report. thank you


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:17 PM, on 10/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\ProgramData\tgxahklu\ryzebyxm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\FSRremoS.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: QXK Olive - {65352C87-3458-4CD8-A4A0-EDDAFE7CEDF2} - C:\Windows\vortsgbqrfe.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QXK Olive - {7537829F-2786-4AE6-95F5-52CC96AC0F3F} - C:\Windows\vortsgbqkwo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {F1DEB0E5-B1EC-403E-BCFF-E71EFE1F18D7} - (no file)
O3 - Toolbar: (no name) - {799314E0-9BB7-4657-A53E-E409FDAE10BA} - (no file)
O3 - Toolbar: (no name) - {BC589E0B-BDE4-4CF5-B052-9E97921302B1} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VideoraConverter] C:\Program Files\VideoraConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "C:\Windows\system32\ICO.EXE"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WD Drive Manager] "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Michael\AppData\Local\Temp\cbxXpmMf.dll,c
O4 - HKCU\..\Run: [\YURE08A.exe] C:\Windows\system32\YURE08A.exe
O4 - HKCU\..\Run: [64376558] rundll32.exe "C:\Users\Michael\AppData\Local\Temp\xtifcpsr.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [R2uKZiLEP7] C:\ProgramData\tgxahklu\ryzebyxm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13561 bytes

Katana

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

---

---

Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

---

---

Step 2

If the previous step did not automatically reboot your machine, Please reboot now

---

---

Step 3


Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

---

---

Step 4


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• MalwareBytes Log
• RSIT Logs
• How are things running now ?

hyperlite2008

[/quote]

Thanks for your help my computer seems to be running a lot better, I cant tell for sure though because sometimes after I do spyware scans and remove items a couple hours later I have problems again. But Thank You for your help! I really appreciate it.




Logfile of random's system information tool 1.04 (written by random/random)
Run by Michael at 2008-10-15 15:48:18
Microsoft® Windows Vista™ Home Premium
System drive C: has 14 GB (18%) free of 76 GB
Total RAM: 510 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:04 PM, on 10/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\FSRremoS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\Pelmiced.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\lpremove.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Michael\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Michael.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {F1DEB0E5-B1EC-403E-BCFF-E71EFE1F18D7} - (no file)
O3 - Toolbar: (no name) - {799314E0-9BB7-4657-A53E-E409FDAE10BA} - (no file)
O3 - Toolbar: (no name) - {BC589E0B-BDE4-4CF5-B052-9E97921302B1} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VideoraConverter] C:\Program Files\VideoraConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "C:\Windows\system32\ICO.EXE"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WD Drive Manager] "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12726 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Michael.job
C:\Windows\tasks\User_Feed_Synchronization-{9B3FCE87-11CF-4706-B5A5-7BD7FD72869E}.job
C:\Windows\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-10-13 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-24 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-24 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{F1DEB0E5-B1EC-403E-BCFF-E71EFE1F18D7}
{799314E0-9BB7-4657-A53E-E409FDAE10BA}
{BC589E0B-BDE4-4CF5-B052-9E97921302B1}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-06-13 1006264]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-13 774233]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"VideoraConverter"=C:\Program Files\VideoraConverter\VideoraConverter.exe -t []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Mouse Suite 98 Daemon"=C:\Windows\system32\ICO.EXE [2007-09-17 77824]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-02-19 438272]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-10-13 1107848]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-12-24 171448]

C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4c60e6-19e8-11dc-9470-0010c68b11f8}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{831da5d7-1a1b-11dc-b558-0010c68b11f8}]
shell\AutoRun\command - F:\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d554d75b-420f-11dd-881f-0010c68b11f8}]
shell\AutoRun\command - E:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "Secure Disk.tc"
shell\dismount\command - E:\TrueCrypt\TrueCrypt.exe /q /d
shell\start\command - E:\TrueCrypt\TrueCrypt.exe


======List of files/folders created in the last 1 months======

2008-10-15 15:48:18 ----D---- C:\rsit
2008-10-15 09:52:44 ----D---- C:\Users\Michael\AppData\Roaming\Malwarebytes
2008-10-15 09:51:24 ----D---- C:\ProgramData\Malwarebytes
2008-10-15 09:51:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 01:35:11 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 01:35:05 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-15 01:32:22 ----A---- C:\Windows\system32\mshtml.dll
2008-10-15 01:29:56 ----A---- C:\Windows\system32\ieframe.dll
2008-10-15 01:29:50 ----A---- C:\Windows\system32\urlmon.dll
2008-10-15 01:29:48 ----A---- C:\Windows\system32\wininet.dll
2008-10-15 01:29:48 ----A---- C:\Windows\system32\iertutil.dll
2008-10-15 01:29:47 ----A---- C:\Windows\system32\mshtmled.dll
2008-10-15 01:29:47 ----A---- C:\Windows\system32\dxtmsft.dll
2008-10-15 01:29:34 ----A---- C:\Windows\system32\dxtrans.dll
2008-10-15 01:29:33 ----A---- C:\Windows\system32\mstime.dll
2008-10-15 01:29:31 ----A---- C:\Windows\system32\ieapfltr.dll
2008-10-15 01:29:29 ----A---- C:\Windows\system32\advpack.dll
2008-10-15 01:29:27 ----A---- C:\Windows\system32\ie4uinit.exe
2008-10-15 01:29:25 ----A---- C:\Windows\system32\ieui.dll
2008-10-15 01:29:24 ----A---- C:\Windows\system32\iesetup.dll
2008-10-15 01:29:24 ----A---- C:\Windows\system32\iernonce.dll
2008-10-15 01:29:17 ----A---- C:\Windows\system32\icardie.dll
2008-10-15 01:29:16 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-15 01:29:16 ----A---- C:\Windows\system32\ieUnatt.exe
2008-10-15 01:29:08 ----A---- C:\Windows\system32\pngfilt.dll
2008-10-13 22:29:09 ----D---- C:\Users\Michael\AppData\Roaming\PC Tools
2008-10-13 22:29:09 ----D---- C:\Program Files\Spyware Doctor
2008-10-13 17:52:28 ----D---- C:\Program Files\Trend Micro
2008-10-13 17:11:32 ----D---- C:\Windows\__SkypeIEToolbar_Cache
2008-10-13 17:10:58 ----D---- C:\Windows\Google Toolbar
2008-10-13 12:36:31 ----D---- C:\Users\Michael\AppData\Roaming\Webroot
2008-10-13 12:36:31 ----D---- C:\ProgramData\Webroot
2008-10-13 12:36:31 ----D---- C:\Program Files\Webroot
2008-10-13 12:36:31 ----A---- C:\Windows\WRSetup.dll
2008-10-13 12:36:25 ----D---- C:\Program Files\AskSBar
2008-10-13 10:02:34 ----D---- C:\ProgramData\Lavasoft
2008-10-13 08:58:16 ----D---- C:\Users\Michael\AppData\Roaming\Download Manager
2008-10-10 07:18:06 ----A---- C:\Windows\system32\urqNETnL.dll
2008-10-10 07:18:06 ----A---- C:\Windows\system32\mlJApPHy.dll
2008-10-10 07:18:06 ----A---- C:\Windows\system32\geBuTnLf.dll
2008-10-10 07:18:06 ----A---- C:\Windows\system32\byXPJDvt.dll
2008-10-10 06:16:48 ----A---- C:\Windows\system32\rqRHxVmJ.dll
2008-10-10 06:16:45 ----A---- C:\Windows\system32\wvUMgFvu.dll
2008-10-10 06:16:31 ----A---- C:\Windows\system32\efcDwTMG.dll
2008-10-10 06:16:29 ----A---- C:\Windows\system32\hGvVnlmJ.dll
2008-10-10 05:15:43 ----A---- C:\Windows\system32\urqRHYoP.dll
2008-10-10 05:15:43 ----A---- C:\Windows\system32\fccdeDUn.dll
2008-10-10 05:15:32 ----A---- C:\Windows\system32\hGVmkHyv.dll
2008-10-10 05:15:32 ----A---- C:\Windows\system32\byXNEWmN.dll
2008-10-10 04:14:08 ----A---- C:\Windows\system32\ssqrrSji.dll
2008-10-10 04:14:08 ----A---- C:\Windows\system32\nNEuttSK.dll
2008-10-10 04:13:58 ----A---- C:\Windows\system32\tUlJdBst.dll
2008-10-10 04:13:57 ----A---- C:\Windows\system32\jkkIcCtT.dll
2008-10-09 20:57:30 ----D---- C:\ProgramData\tgxahklu
2008-10-09 20:50:35 ----D---- C:\Users\Michael\AppData\Roaming\sp2
2008-10-09 20:50:10 ----A---- C:\Program Files\MediaXCodec1.exe
2008-10-09 20:49:49 ----A---- C:\Program Files\MediaXCodec.exe
2008-10-09 20:49:26 ----A---- C:\Windows\uninstall.exe
2008-09-28 21:07:46 ----D---- C:\Program Files\Sun
2008-09-28 20:58:40 ----A---- C:\Windows\system32\javaws.exe
2008-09-28 20:58:39 ----A---- C:\Windows\system32\javaw.exe
2008-09-28 20:58:38 ----A---- C:\Windows\system32\java.exe

======List of files/folders modified in the last 1 months======

2008-10-15 15:49:08 ----AD---- C:\ProgramData\TEMP
2008-10-15 15:48:59 ----D---- C:\Windows\Prefetch
2008-10-15 15:48:51 ----D---- C:\Windows\Temp
2008-10-15 15:29:11 ----D---- C:\Windows\System32
2008-10-15 15:29:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-15 15:29:01 ----D---- C:\Windows\inf
2008-10-15 15:18:39 ----D---- C:\Windows\system32\drivers
2008-10-15 15:06:33 ----D---- C:\Windows
2008-10-15 09:51:24 ----HD---- C:\ProgramData
2008-10-15 09:51:21 ----RD---- C:\Program Files
2008-10-15 04:20:28 ----D---- C:\Windows\winsxs
2008-10-15 04:19:00 ----D---- C:\Windows\system32\catroot
2008-10-15 04:08:39 ----D---- C:\Program Files\Windows Mail
2008-10-15 04:08:18 ----D---- C:\Program Files\Internet Explorer
2008-10-15 04:08:16 ----D---- C:\Windows\system32\migration
2008-10-15 04:08:06 ----D---- C:\Windows\AppPatch
2008-10-15 03:56:41 ----SHD---- C:\Windows\Installer
2008-10-15 03:54:53 ----D---- C:\ProgramData\Microsoft Help
2008-10-15 03:09:42 ----D---- C:\Windows\system32\catroot2
2008-10-15 03:08:35 ----SHD---- C:\System Volume Information
2008-10-13 16:39:11 ----D---- C:\Users\Michael\AppData\Roaming\Skype
2008-10-13 16:37:30 ----D---- C:\Users\Michael\AppData\Roaming\skypePM
2008-10-13 12:51:17 ----D---- C:\Windows\system32\Tasks
2008-10-13 12:51:15 ----D---- C:\Windows\Tasks
2008-10-13 12:26:37 ----D---- C:\Users\Michael\AppData\Roaming\uTorrent
2008-10-13 11:25:05 ----D---- C:\Program Files\Common Files
2008-10-10 08:22:32 ----D---- C:\Windows\Minidump
2008-10-10 08:18:54 ----A---- C:\Windows\ntbtlog.txt
2008-10-09 20:50:21 ----D---- C:\Users\Michael\AppData\Roaming\Adobe
2008-10-02 08:11:42 ----D---- C:\Program Files\Mozilla Firefox
2008-09-28 20:58:22 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-18 385072]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\IDS-DI~1\20080613.002\IDSvix86.sys [2008-02-13 261680]
R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 mchInjDrv;madCodeHook DLL injection driver; \??\C:\Windows\system32\Drivers\mchInjDrv.sys [2008-10-15 2560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2008-06-24 223424]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 13560]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-28 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 CAMCAUD;Conexant AMC Audio; C:\Windows\system32\drivers\camc6aud.sys [2005-01-11 37760]
R3 CAMCHALA;CAMCHALA; C:\Windows\system32\drivers\camc6hal.sys [2005-01-11 346496]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-14 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-01-18 109616]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080614.003\NAVENG.SYS [2008-06-10 89936]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080614.003\NAVEX15.SYS [2008-06-10 856336]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 2314752]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-06-13 82432]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-08-22 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-05-13 193056]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2005-06-23 162176]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-14 11264]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MR97310_USB_DUAL_CAMERA;DUAL MODE CAMERA SL310; C:\Windows\system32\DRIVERS\mr97310c.sys [2005-03-15 127574]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NPF;Netgroup Packet Filter; C:\Windows\system32\drivers\npf.sys [2007-09-28 42512]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-10-13 337800]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-13 1017224]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-02-19 106496]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-01 1252232]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-24 138168]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2007-01-14 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

---

EOF

---

info.txt logfile of random's system information tool 1.04 2008-10-15 15:50:20

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Aperio ImageScope-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5856584-F090-4FD3-BA95-34E6D85546B1}\Setup.exe" -l0x9
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Conexant AC-Link Audio-->CIAunwdm.exe
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kensington SlimBlade Driver-->Pmuninst.exe MouseSuite98
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
NeroVision Express 3-->C:\Windows\UNNeroVision.exe /UNINSTALL
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\Temp{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Photo Viewer 2.25-->"C:\Program Files\Photo Viewer\uninstall.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skypeâ„¢ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033
The Rosetta Stone-->C:\Windows\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Drive Manager (x86)-->MsiExec.exe /X{F2E6CAF1-D651-4A74-8CC6-D92FE81FDBCC}
Win AVI HelixSDK-->"C:\Program Files\WinAVI Video Converter\HelixSDK\unins000.exe"
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Norton AntiVirus (outdated)
FW: Norton AntiVirus
AS: Spyware Doctor
AS: Windows Defender
AS: Webroot Spy Sweeper
AS: Norton AntiVirus (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0f00
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

---

EOF

---

hyperlite2008

Malwarebytes' Anti-Malware 1.28
Database version: 1274
Windows 6.0.6000

10/15/2008 3:06:43 PM
mbam-log-2008-10-15 (15-06-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 146261
Time elapsed: 3 hour(s), 19 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 35
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 127

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Michael\AppData\Local\Temp\cbxXpmMf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Michael\AppData\Local\Temp\xtifcpsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qaccess.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df9a99cf-49c6-4e3e-b668-498b718fd313} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8e19c4c-ffe7-4e05-bcfc-e4634b162bb6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{52d0b1f3-2523-4e67-ad89-88552d4b6daa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1947fc6-efc1-4e24-ac41-698821dc0ea5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7537829f-2786-4ae6-95f5-52cc96ac0f3f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7537829f-2786-4ae6-95f5-52cc96ac0f3f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d29bf030-5eb9-40e8-83de-bec2bb593b6b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9aed4f64-7449-4e4a-b08c-36696e885142} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c921d08d-288f-489b-ac6f-332ec7a22d78} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65352c87-3458-4cd8-a4a0-eddafe7cedf2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65352c87-3458-4cd8-a4a0-eddafe7cedf2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.blqr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.bneb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.bokx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\r2ukzilep7 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{df9a99cf-49c6-4e3e-b668-498b718fd313} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure08a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64376558 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\smp (Fake.Dropped.Malware) -> Delete on reboot.

Files Infected:
C:\ProgramData\tgxahklu\ryzebyxm.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Users\Michael\AppData\Local\Temp\cbxXpmMf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Michael\AppData\Local\Temp\xtifcpsr.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Windows\System32\wvUnmLCr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1021416711-2452985224-3044302750-1000\$RO5TFVZ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVRTW7IZ\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC0PI0ER\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\rlolyygf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\rQHbccaW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\bqmjqdfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\mlJAsRKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\efcBurPj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\awtTKebc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\awttrOFu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\TDSS7643.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\TDSSc688.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\kwwncxiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\lifenmxb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\ljJYqOec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\lwbejomh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\windfr.exe.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\ddCuRkLd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\wryiogdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\wynlawsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\xgxofyiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\upkinowl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\urQHwtsR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\vtUNdBQg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\vtUnmLde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tkplufut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tmp0003e7a2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tmp0003f87a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tmp0003f8b9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tmp00044b9c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tmp00054359 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tmp00067fd1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\tmp000dc583 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\aefbtxoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\efcARlIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\efcASMCS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\khfCvWOH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\qOiFuULD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\opnKcAsS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\nctvibba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\uhtednse.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\fccdbBuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Michael\Music\iTunes\iTunes Music\New Folder\WinAVI.3GP.MP4.PSP.iPod.Video.Converter.v3.1.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\eedk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\egpt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\exvb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJBSjgF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ssqqOHbY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awTKETNF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\byxWMebB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cbxxwVpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcBqppq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcAPFuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcyaaww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcYRHxW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\eFwvvULF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\geBuTmNE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGVOfed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hgGyawwV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iIBqnMdE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iifgGVNh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jKATnmJy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kHaxVnNE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khfEXrPI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJAPFvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJDuTkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nnnMdcBr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnkKdEv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnMGYqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\urQkkKdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\urqRllkJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUMefeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vtUmMFuR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wvUkICRJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xXpqOigF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\Temp\pwr15CF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\vortsgbqkwo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\vortsgbqrfe.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Temp\TDSS7a9d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\TDSS7a18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\TDSS7c62.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\TDSS8151.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\TDSS88ce.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\TDSSd267.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\msfont32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\TDSSerrors.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Katana

Information

======Security center information======

AV: Norton AntiVirus (outdated)
FW: Norton AntiVirus

You need to update your Antivirus database.
Do you have a current subscription for Norton ?

---

---

Step 1

Disable SpySweeper
If you have Spy Sweeper version 4:

• Open it, Click Options over on the left, then Program options
• Uncheck load at windows startup.
• Over to the left, Click shields and Uncheck all there.
• Uncheck home page shield.
• Uncheck automatically restore default without notification.
• Reboot your computer, and verify SpySweeper is disabled.

If you have SpySweeper version 5:

• Open SpySweeper, click Shield Settings on the right
  (or Shields on the left, depending what screen you're on).
• Click Internet Explorer and uncheck all items.
• Click Windows System and uncheck all items.
• Click Hosts File and uncheck all items.
• Click Startup Programs and uncheck all items.
• Close SpySweeper.
  Reboot your computer, and verify Spy Sweeper is disabled.

---

---

Step 2

Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.

• Adobe Reader 8.1.0 << Please see the notes below on updating Adobe
• J2SE Runtime Environment 5.0 Update 3
  Java(TM) 6 Update 2
  Java(TM) 6 Update 3
  

Now close the Control Panel.

---

---

Step 3


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

---

---

Step 4


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---

---

Step 5


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

• ComboFix Log
• Kaspersky Log
• How are things running now ?

---

---

Additional Notes



Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

• Please go to this link Adobe Acrobat Reader Download Link
• Click Download
• On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
• Click the Continue button
• Click Run, and click Run again
• Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

hyperlite2008

I figured I should ask before proceeding. Under the combofix tutorial it says you should load the Recovery Console DVD for Vista. I do not have the disc which is the problem. Would it be alright to run combofix without loading this console? Isn't there a recovery tool already in Vista like a system restore? thank you again for all of your help you awesome.

Katana

hyperlite2008 wrote:

Would it be alright to run combofix without loading this console?

That will be fine

hyperlite2008

Ok Also I wanted to say that I cannot disable spysweeper I did everything you said and still keeps coming back up. Also do you want me to turn windows firewall off also as well as windows defender? thanks

Katana

Don't worry about those, let's see what we get without disabling them.

Whilst we appreciate that you may be busy, it has been 5 days or more since we heard from you. This topic is now closed.

Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead