WiredWX Hobby Weather Tools

 


please help - Antivirus Live/Antivirus System Pro


Re: please help - Antivirus Live/Antivirus System Pro

Sorry, I checked my computer again after I posted and a log file was on the screen. I don't know what happened, but I guess I just needed to wait longer.

ComboFix 09-12-08.03 - Anthony 12/14/2009 15:36:30.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.855 [GMT -5:00]
Running from: c:documents and settingsAnthonyMy DocumentsMathemergencycommy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:docume~1AnthonyLOCALS~1Templsass.exe
c:docume~1AnthonyLOCALS~1Tempwinlogon.exe
c:docume~1AnthonyLOCALS~1Tempwscsvc32.exe
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:documents and settingsAnthonyLocal SettingsApplication Datapdvqtj
c:documents and settingsAnthonyLocal SettingsApplication Datapdvqtjcivssysguard.exe
c:documents and settingsAnthonyStart MenuProgramsStartupscandisk.dll
c:documents and settingsAnthonyStart MenuProgramsStartupscandisk.lnk
c:recyclerS-1-5-21-3781777486-0661304054-339478247-8690
c:recyclerS-1-5-21-3781777486-0661304054-339478247-8690Desktop.ini
c:recyclerS-1-5-21-3781777486-0661304054-339478247-8690msimfo32.exe
c:recyclerS-1-5-21-5289978000-5408025882-951223212-7940
c:windowsInstall.txt
c:windowssystem326to4v32.dll
c:windowssystem32AVR10.exe
c:windowssystem32BtwSrv.dll
c:windowssystem32certstore.dat
c:windowssystem32critical_warning.html
c:windowssystem32crt4.dll
c:windowssystem32FastNetSrv.exe
c:windowssystem32FInstall.sys
c:windowssystem32Iasv32.dll
c:windowssystem32Install.txt
c:windowssystem32kbdatat4.dll
c:windowssystem32kboem32.dat
c:windowssystem32kbupdate.dll
c:windowssystem32kidowavi.dll
c:windowssystem32md2092f86.dll
c:windowssystem32nijufagi.dll
c:windowssystem32nobiyaki.dll
c:windowssystem32notepad.dll
c:windowssystem32opeia.exe
c:windowssystem32penipure.dll
c:windowssystem32sazukojo.exe
c:windowssystem32tafiwizo.dll
c:windowssystem32tegavipo.exe
c:windowssystem32vidohosi.dll
c:windowssystem32winhelper86.dll
c:windowssystem32winlogon86.exe
c:windowssystem32winupdate86.exe
c:windowssystem32wmdtc.exe
c:windowssystem32yemopego.dll
c:windowsTasksmpgtzcdm.job
c:windowsTemp989609876.exe
c:windowsTEMPmta13187.dll

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
hxxp://92.241.165.204
hxxp://thekmultimedia.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_BTWSRV
-------Legacy_FASTNETSRV
-------Legacy_IAS
-------Service_BtwSrv
-------Service_fastnetsrv
-------Service_Ias


((((((((((((((((((((((((( Files Created from 2009-11-14 to 2009-12-14 )))))))))))))))))))))))))))))))
.

2009-12-11 16:36 . 2009-12-11 16:36 0 --sha-w- c:documents and settingsNetworkServicentload.dll
2009-12-11 07:40 . 2009-12-14 20:32 20 ----a-w- c:windowssystem32crt.dat
2009-12-11 07:40 . 2009-12-11 07:40 3584 ----a-w- C:udhkiixx.exe
2009-12-11 07:40 . 2009-12-11 07:40 156672 ----a-w- C:nymeu.exe
2009-12-11 07:40 . 2009-12-11 07:40 40960 ----a-w- C:pdvwd.exe
2009-12-11 07:39 . 2009-12-11 07:39 8704 ----a-w- C:ryiasu.exe
2009-12-11 07:39 . 2009-12-11 07:39 135168 ----a-w- C:dcgwhpoh.exe
2009-12-10 02:52 . 2009-12-10 02:52 -------- d-----w- c:documents and settingsAll UsersApplication DataF-Secure
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:documents and settingsAnthonyApplication DataMalwarebytes
2009-12-09 01:09 . 2009-12-03 21:14 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2009-12-09 01:09 . 2009-12-03 21:13 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-11-29 03:10 . 2009-11-29 03:10 -------- d-----w- c:documents and settingsAnthonyLocal SettingsApplication DataThreat Expert
2009-11-28 17:32 . 2009-11-28 17:32 79488 ----a-w- c:documents and settingsChrisApplication DataSunJavajre1.6.0_17gtapi.dll
2009-11-27 16:21 . 2009-11-27 16:21 -------- d-----w- c:program filesTrend Micro
2009-11-27 05:31 . 2009-11-27 05:31 -------- d-----w- c:documents and settingsChrisApplication DataAvanquest
2009-11-27 04:56 . 2009-11-27 04:58 -------- d-----w- c:program filesWindows Live Safety Center
2009-11-23 20:07 . 2009-11-29 05:24 79488 ----a-w- c:documents and settingsAnthonyApplication DataSunJavajre1.6.0_17gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 04:19 . 2007-06-08 18:22 -------- d-----w- c:program filesFull Tilt Poker
2009-11-29 03:37 . 2008-03-07 20:05 -------- d-----w- c:program filesSpyware Doctor
2009-11-29 03:12 . 2008-03-07 20:06 -------- d---a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-11-15 01:05 . 2009-10-10 23:31 -------- d-----w- c:program filesWorld of Warcraft
2009-10-29 07:46 . 2005-10-21 17:51 832512 ----a-w- c:windowssystem32wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:windowssystem32ieencode.dll
2009-10-29 07:46 . 2003-07-16 20:25 17408 ----a-w- c:windowssystem32corpol.dll
2009-10-29 03:42 . 2006-03-02 22:30 39952 ----a-w- c:documents and settingsAnthonyLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:windowssystem32strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:windowssystem32httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:windowssystem32drivershttp.sys
2009-10-20 04:15 . 2009-10-20 04:15 -------- d-----w- c:program filesMicrosoft Silverlight
2009-10-13 10:30 . 2003-07-16 20:40 270336 ----a-w- c:windowssystem32oakley.dll
2009-10-12 13:38 . 2003-07-16 20:42 149504 ----a-w- c:windowssystem32rastls.dll
2009-10-12 13:38 . 2003-07-16 20:42 79872 ----a-w- c:windowssystem32raschap.dll
2009-10-11 04:04 . 2006-02-23 00:43 77423 ----a-w- c:windowsPCHealthHelpCtrOfflineCacheindex.dat
2009-09-12 04:03 . 2009-09-12 04:03 39424 --sha-w- c:windowssystem32barijatu.dll
2009-09-12 04:03 . 2009-09-12 04:03 54272 --sha-w- c:windowssystem32kabujupe.dll
2009-09-13 03:56 . 2009-09-13 03:56 39424 --sha-w- c:windowssystem32mayotomo.dll
2009-09-12 04:04 . 2009-09-12 04:04 54272 --sha-w- c:windowssystem32pebuhewe.dll
2009-09-14 19:18 . 2009-09-14 19:18 61952 --sha-w- c:windowssystem32vajatika.dll
2009-09-14 19:18 . 2009-09-14 19:18 39424 --sha-w- c:windowssystem32vohelipe.dll
2009-09-13 03:56 . 2009-09-13 03:56 45568 --sha-w- c:windowssystem32wogutopa.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{14a12408-071b-4e7c-8b8d-9c195174b0be}]
2009-09-12 04:04 54272 --sha-w- c:windowssystem32pebuhewe.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"MSMSGS"="c:program filesMessengermsmsgs.exe" [2008-04-14 1695232]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-06-26 68856]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="c:windowsSystem32NvCpl.dll" [2003-11-03 4800512]
"diagent"="c:program filesCreativeSBLiveDiagnosticsdiagent.exe" [2002-04-03 135264]
"UpdReg"="c:windowsUpdReg.EXE" [2000-05-11 90112]
"dla"="c:windowssystem32dlatfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:program filesDell AIO Printer A920dlbkbmgr.exe" [2003-06-02 270336]
"masqform.exe"="c:program filesPureEdgeViewer 6.0masqform.exe" [2004-01-27 1048576]
"Ulead AutoDetector"="c:program filesUlead SystemsUlead Photo Explorer 8.0 SE BasicMonitor.exe" [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"="c:program filesUlead SystemsUlead Photo Express 5 SEcalcheck.exe" [2004-01-13 69632]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2008-01-10 385024]
"VirusScannerPro"="c:progra~1AVANQU~1Fix-ItMemCheck.exe" [2007-09-01 173312]
"Symantec PIF AlertEng"="c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PifSvc.exe" [2007-03-12 517768]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:documents and settingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=""

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=

R2 tmpreflt;tmpreflt;c:progra~1AVANQU~1Fix-Ittmpreflt.sys [8/31/2007 12:36 PM 32528]
R3 MailScan;MailScan;c:progra~1AVANQU~1Fix-ItMailScan.sys [9/1/2007 5:58 AM 20496]
S3 ndisdrv;ndisdrv;c:windowssystem32ndisdrv.sys [7/16/2003 3:33 PM 2304]
S3 winsts;winsts;c:windowssystem32winsts.sys [7/16/2003 3:33 PM 2304]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MAILSCAN
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: &Yahoo! Search - file:///c:program filesYahoo!Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:program filesYahoo!Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:program filesYahoo!Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:program filesYahoo!Common/ycsms.htm
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - c:windowssystem32md2092f86.dll
HKCU-Run-ngqbbvca - c:documents and settingsAnthonyLocal SettingsApplication Datapdvqtjcivssysguard.exe
HKLM-Run-notepad - c:windowssystem32notepad.dll
HKLM-Run-StartServiceNMDECMPM - c:documents and settingsAnthonyLocal SettingsApplication DataNMDECMPMStartService.exe
HKLM-Run-ngqbbvca - c:documents and settingsAnthonyLocal SettingsApplication Datapdvqtjcivssysguard.exe
HKLM-Run-pafulomip - c:windowssystem32kidowavi.dll
HKLM-Run-pugirofuge - tafiwizo.dll
SharedTaskScheduler-{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - c:windowssystem32md2092f86.dll
SharedTaskScheduler-{e7eaac45-3be4-48bc-b587-c625968085e2} - c:windowssystem32wewusigo.dll
SharedTaskScheduler-{b10269a1-0229-4fcc-bcb7-1402f6331ecb} - c:windowssystem32sonosuje.dll
SharedTaskScheduler-{82e79279-52b7-4927-81cf-ce75211e8af6} - c:windowssystem32kidowavi.dll
SSODL-jinakabiw-{e7eaac45-3be4-48bc-b587-c625968085e2} - c:windowssystem32wewusigo.dll
SSODL-sudodefuf-{b10269a1-0229-4fcc-bcb7-1402f6331ecb} - c:windowssystem32sonosuje.dll
SSODL-jokufovag-{82e79279-52b7-4927-81cf-ce75211e8af6} - c:windowssystem32kidowavi.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-14 15:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3512)
c:windowssystem32WININET.dll
c:progra~1AVANQU~1Fix-ItWinHook.dll
c:windowssystem32ieframe.dll
c:windowssystem32mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:windowssystem32LEXBCES.EXE
c:windowssystem32LEXPPS.EXE
c:program filesSymantecLiveUpdateAluSchedulerSvc.exe
c:program filesBonjourmDNSResponder.exe
c:windowsSystem32CTsvcCDA.exe
c:progra~1AVANQU~1Fix-Itmxtask.exe
c:program filesJavajre6binjqs.exe
c:windowsSystem32nvsvc32.exe
c:program filesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
c:windowsSystem32MsPMSPSv.exe
c:progra~1AVANQU~1Fix-Itmxtask.exe
c:windowssystem32wscntfy.exe
c:program filesDell AIO Printer A920dlbkbmon.exe
.
**************************************************************************
.
Completion time: 2009-12-14 15:55:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-14 20:55
ComboFix2.txt 2009-12-08 19:36
ComboFix3.txt 2009-11-29 03:49

Pre-Run: 8,525,221,888 bytes free
Post-Run: 8,823,894,016 bytes free

- - End Of File - - 2C44215E99278466C0A299E811237243

Re: please help - Antivirus Live/Antivirus System Pro

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Re: please help - Antivirus Live/Antivirus System Pro

Here is the log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Anthony at 2009-12-15 14:53:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (22%) free of 38 GB
Total RAM: 1279 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:38 PM, on 12/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Anthony\Desktop\RSIT.exe
C:\Documents and Settings\Anthony\Desktop\Anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {14a12408-071b-4e7c-8b8d-9c195174b0be} - pebuhewe.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\mosirope.dll",a
O4 - HKLM\..\Run: [pugirofuge] Rundll32.exe "tafiwizo.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: penipure.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8465 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]
C:\WINDOWS\system32\pebuhewe.dll [2009-09-11 54272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-07 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-11-03 4800512]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-06-02 270336]
"masqform.exe"=C:\Program Files\PureEdge\Viewer 6.0\masqform.exe [2004-01-26 1048576]
"Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"=C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe [2004-01-12 69632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"VirusScannerPro"=C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe [2007-09-01 173312]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
"pafulomip"=c:\windows\system32\mosirope.dll,a []
"pugirofuge"=tafiwizo.dll,s []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2009-12-15 1363968]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="penipure.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
tafiwizo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\dla\tfswctrl.exe"="C:\WINDOWS\system32\dla\tfswctrl.exe:*:Enabled:tfswctrl"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-15 14:53:34 ----D---- C:\rsit
2009-12-15 14:46:40 ----A---- C:\ComboFix.txt
2009-12-15 14:29:12 ----D---- C:\Program Files\InternetSecurity2010
2009-12-15 02:10:51 ----A---- C:\WINDOWS\system32\wuyojaza.dll
2009-12-11 02:40:02 ----A---- C:\udhkiixx.exe
2009-12-11 02:40:00 ----A---- C:\pdvwd.exe
2009-12-11 02:40:00 ----A---- C:\nymeu.exe
2009-12-11 02:39:58 ----A---- C:\ryiasu.exe
2009-12-11 02:39:56 ----A---- C:\dcgwhpoh.exe
2009-12-09 21:52:24 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2009-12-09 03:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 03:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 03:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-08 20:09:48 ----D---- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2009-12-08 20:09:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-28 22:25:24 ----A---- C:\Boot.bak
2009-11-28 22:25:13 ----RASHD---- C:\cmdcons
2009-11-28 22:23:56 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-28 22:23:56 ----A---- C:\WINDOWS\MBR.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\zip.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\SWREG.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\PEV.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\grep.exe
2009-11-28 22:23:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-28 22:23:52 ----A---- C:\WINDOWS\SWSC.exe
2009-11-28 22:23:52 ----A---- C:\WINDOWS\sed.exe
2009-11-28 22:23:43 ----D---- C:\WINDOWS\ERDNT
2009-11-28 22:22:47 ----D---- C:\Qoobox
2009-11-27 11:21:16 ----D---- C:\Program Files\Trend Micro
2009-11-26 23:56:17 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-26 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

======List of files/folders modified in the last 1 months======

2009-12-15 14:53:36 ----D---- C:\WINDOWS\Prefetch
2009-12-15 14:46:43 ----D---- C:\WINDOWS\system32\drivers
2009-12-15 14:46:42 ----D---- C:\WINDOWS\Temp
2009-12-15 14:45:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-15 14:41:36 ----AD---- C:\WINDOWS
2009-12-15 14:41:36 ----A---- C:\WINDOWS\system.ini
2009-12-15 14:37:43 ----D---- C:\WINDOWS\system32\config
2009-12-15 14:37:04 ----SD---- C:\WINDOWS\Tasks
2009-12-15 14:37:04 ----D---- C:\WINDOWS\system32
2009-12-15 14:36:03 ----D---- C:\WINDOWS\AppPatch
2009-12-15 14:35:58 ----D---- C:\Program Files\Common Files
2009-12-15 14:31:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-15 14:31:28 ----SHD---- C:\System Volume Information
2009-12-15 14:31:28 ----D---- C:\WINDOWS\system32\Restore
2009-12-15 14:29:12 ----D---- C:\Program Files
2009-12-11 01:50:16 ----HD---- C:\WINDOWS\inf
2009-12-09 21:46:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-09 15:38:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 03:04:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-09 03:04:40 ----SHD---- C:\WINDOWS\Installer
2009-12-09 03:04:24 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 03:03:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 03:03:30 ----D---- C:\WINDOWS\system32\en-US
2009-12-09 03:03:30 ----D---- C:\Program Files\Internet Explorer
2009-12-08 23:19:22 ----D---- C:\Program Files\Full Tilt Poker
2009-12-08 21:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-03 20:34:28 ----D---- C:\_Backup
2009-11-30 03:00:22 ----D---- C:\WINDOWS\WinSxS
2009-11-28 22:37:04 ----D---- C:\Program Files\Spyware Doctor
2009-11-28 22:25:24 ----RASH---- C:\boot.ini
2009-11-28 22:12:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-27 00:31:17 ----A---- C:\WINDOWS\OEWABLog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R2 tmpreflt;tmpreflt; \??\C:\PROGRA~1\AVANQU~1\Fix-It\tmpreflt.sys []
R2 tmxpflt;tmxpflt; \??\C:\PROGRA~1\AVANQU~1\Fix-It\tmxpflt.sys []
R2 Vsapint;Vsapint; \??\C:\PROGRA~1\AVANQU~1\Fix-It\Vsapint.sys []
R3 catchme;catchme; \??\C:\commy\catchme.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 MailScan;MailScan; \??\C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-08-14 1296384]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 mbr;mbr; \??\C:\DOCUME~1\Anthony\LOCALS~1\Temp\mbr.sys []
S3 ndisdrv;ndisdrv; \??\C:\WINDOWS\system32\ndisdrv.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winsts;winsts; \??\C:\WINDOWS\system32\winsts.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 Fix-It Task Manager;Fix-It Task Manager; C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe [2007-09-01 152832]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-25 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-11-03 73728]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-01-23 1251720]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------



Here is the info.txt

info.txt logfile of random's system information tool 1.06 2009-12-15 14:53:39

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Dell AIO Printer A920-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Fix-It Utilities 8 Professional-->MsiExec.exe /I{5158974E-2D28-4018-9335-7694C2974746}
Full Tilt Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Anthony\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ICS Viewer 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000600-0600-0600-0600-000000000600}\Setup.exe" -l0x9 -uninst
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
PFE Gold-->C:\PROGRA~1\PFESTU~1\UNWISE.EXE C:\PROGRA~1\PFESTU~1\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Ulead Photo Explorer 8.0 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x9
Ulead Photo Express 5 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}\Setup.exe" -l0x9
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======System event log======

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 56080
Source Name: W32Time
Time Written: 20091206125933.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 55949
Source Name: W32Time
Time Written: 20091129125912.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 55822
Source Name: W32Time
Time Written: 20091128014231.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 55742
Source Name: Tcpip
Time Written: 20091127010504.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 55557
Source Name: W32Time
Time Written: 20091126165841.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: BOPREY1
Event Code: 1000
Message: Faulting application googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, faulting module googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, fault address 0x000a5e43.

Record Number: 58252
Source Name: Application Error
Time Written: 20091006184207.000000-240
Event Type: error
User:

Computer Name: BOPREY1
Event Code: 1000
Message: Faulting application googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, faulting module googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, fault address 0x000a5e43.

Record Number: 58251
Source Name: Application Error
Time Written: 20091006184201.000000-240
Event Type: error
User:

Computer Name: BOPREY1
Event Code: 101
Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Record Number: 58231
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091006175915.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BOPREY1
Event Code: 101
Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Record Number: 58171
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091005211528.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BOPREY1
Event Code: 101
Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Record Number: 58113
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091005002157.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: please help - Antivirus Live/Antivirus System Pro
Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):


  • InternetSecurity2010


Please re-open HijackThis and scan. Check the boxes to the left of all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {14a12408-071b-4e7c-8b8d-9c195174b0be} - pebuhewe.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\mosirope.dll",a
O4 - HKLM\..\Run: [pugirofuge] Rundll32.exe "tafiwizo.dll",s
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O20 - AppInit_DLLs: penipure.dll

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

Please reboot your computer, and post a new HijackThis log here in your next reply.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "pafulomip"=-
    "pugirofuge"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Internet Security 2010"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=-

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]


    File::
    C:\WINDOWS\system32\wuyojaza.dll
    C:\udhkiixx.exe
    C:\pdvwd.exe
    C:\nymeu.exe
    C:\ryiasu.exe
    C:\dcgwhpoh.exe
    C:\WINDOWS\system32\winsts.sys
    C:\WINDOWS\UpdReg.EXE
    c:\windows\system32\mosirope.dll


    Folder::
    C:\Program Files\InternetSecurity2010
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: dragging CFScript onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    tafiwizo.dll
    penipure.dll



  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==

Please go HERE. Copy and paste the following file path into the box.

C:\WINDOWS\system32\winsts.sys

Do the same for these two files:

C:\windows\system32\userinit.exe
C:\windows\explorer.exe


Then click submit. (Do re-scans. Do not get old results.)

Please post the results (URL from the address bar) to your next reply. Also, post the new HijackThis log, SystemLook log, and ComboFix log.
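
The kind of checks that single out the HijackThis entries listed in the post above can be written down as a small triage script. This is an added example, not part of the thread and not HijackThis's own logic: the rule names and heuristics are assumptions made for illustration, and the sample lines are copied from the HijackThis entries quoted on this page. It also lists DLLs that autorun entries reference without a directory, which here are the two names searched for with SystemLook's `:filefind`.

```python
import re

# Lines copied from the HijackThis entries quoted in this thread: the six the
# helper asked to fix, then three from the log posted after the fix.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {14a12408-071b-4e7c-8b8d-9c195174b0be} - pebuhewe.dll (file missing)
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\mosirope.dll",a
O4 - HKLM\..\Run: [pugirofuge] Rundll32.exe "tafiwizo.dll",s
O20 - AppInit_DLLs: penipure.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
"""

# One HijackThis entry: section code (R1, O4, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[FNOR]\d{1,2}) - (?P<body>.+)$")

# Heuristics (assumptions for this example, not an official rule set).
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")
LOCAL_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)\b", re.I
)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*\S", re.I)
DLL_REF_RE = re.compile(r'[^\s",]*\.dll\b', re.I)


def reasons_for(code, body):
    """Return the list of heuristic tags that apply to one entry."""
    reasons = []
    if ORPHAN_RE.search(body):
        # Registry entry whose target file is no longer on disk.
        reasons.append("orphaned")
    if code == "R1" and LOCAL_PROXY_RE.search(body):
        # Browser traffic is redirected through a listener on this machine.
        reasons.append("local-proxy")
    if code == "O4" and RUNDLL_RE.search(body):
        # Autorun entry that starts a DLL through Rundll32.
        reasons.append("rundll32-autorun")
    if code == "O20" and APPINIT_RE.match(body):
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        reasons.append("appinit-dll")
    return reasons


def triage(log_text):
    """Return (code, reasons, body) for every entry that matched a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, or blank line
        reasons = reasons_for(m["code"], m["body"])
        if reasons:
            findings.append((m["code"], reasons, m["body"]))
    return findings


def unlocated_dlls(log_text):
    """DLLs named by autorun/AppInit entries without a directory path.

    These cannot be deleted by path, so they have to be searched for first.
    """
    names = []
    for _code, reasons, body in triage(log_text):
        if not {"rundll32-autorun", "appinit-dll"} & set(reasons):
            continue
        for ref in DLL_REF_RE.findall(body):
            seen = [n.lower() for n in names]
            if "\\" not in ref and ref.lower() not in seen:
                names.append(ref)
    return names


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(reasons):<18}{body}")
    print("search for:", unlocated_dlls(SAMPLE_LOG))
```
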

Re: please help - Antivirus Live/Antivirus System Pro
I did all of what you said, except for the CFScript and ComboFix. When I tried to use it, I got a message saying ComboFix was currently offline. I guess I'll just try it later, but here are the other logs.

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:00 PM, on 12/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: penipure.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7863 bytes


SystemLook log
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:38 on 15/12/2009 by Anthony (Administrator - Elevation successful)

========== filefind ==========

Searching for "tafiwizo.dll"
No files found.

Searching for "penipure.dll"
No files found.

-=End Of File=-


Virustotal
winsts.sys results http://www.virustotal.com/analisis/62e598ba24d2f021240997044de9b38803bb47c229182981ee707925486cc94b-1260938501

userinit.exe results http://www.virustotal.com/analisis/944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f-1260938645

explorer.exe results http://www.virustotal.com/analisis/1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455-1260938758
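The HijackThis log in this post still lists penipure.dll under AppInit_DLLs, while the SystemLook log reports no file by that name. As an added example (not part of the original posts and not code from either tool), this Python sketch cross-references the two logs to report load-point entries that have no matching file; the function names are hypothetical and the format of a SystemLook hit line is an assumption, since the thread only shows "No files found.".

```python
import re

# Excerpts copied from the logs in the post above.
HJT_EXCERPT = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: penipure.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

SYSTEMLOOK_EXCERPT = """
========== filefind ==========

Searching for "tafiwizo.dll"
No files found.

Searching for "penipure.dll"
No files found.

-=End Of File=-
"""

HJT_O20 = re.compile(r'^O20 - AppInit_DLLs:\s*(.+)$')
SL_SEARCH = re.compile(r'^Searching for "([^"]+)"$')


def appinit_dlls(hjt_log):
    """Return the DLL names listed on O20 AppInit_DLLs lines (lower-cased)."""
    names = []
    for line in hjt_log.splitlines():
        m = HJT_O20.match(line.strip())
        if m:
            # The AppInit_DLLs value is a space- or comma-separated list.
            names.extend(n.lower() for n in re.split(r'[,\s]+', m.group(1)) if n)
    return names


def filefind_results(systemlook_log):
    """Map each searched name to its hit lines (empty list if none found)."""
    results = {}
    current = None
    for line in systemlook_log.splitlines():
        line = line.strip()
        m = SL_SEARCH.match(line)
        if m:
            current = m.group(1).lower()
            results[current] = []
        elif (current and line and line != "No files found."
              and not line.startswith(("=", "-="))):
            # Assumption: any other line under a search is a hit.
            results[current].append(line)
    return results


def dangling_references(hjt_log, systemlook_log):
    """Pair each AppInit DLL with what the file search says about it."""
    found = filefind_results(systemlook_log)
    report = []
    for dll in appinit_dlls(hjt_log):
        if dll not in found:
            status = "not searched"
        elif found[dll]:
            status = "file present"
        else:
            status = "registry reference only"
        report.append((dll, status))
    return report


if __name__ == "__main__":
    for dll, status in dangling_references(HJT_EXCERPT, SYSTEMLOOK_EXCERPT):
        print(f"{dll}: {status}")
```

A "registry reference only" result means either the value is a leftover pointing at a file that is already gone, or the file is hidden from the search, so the registry value still needs to be dealt with either way.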

Re: please help - Antivirus Live/Antivirus System Pro

Please copy and paste the following into Notepad:

Code:

Windows Registry Editor 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pafulomip"=-
"pugirofuge"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]


Then click File > Save as
Save it to the Desktop as killthem.reg
Save as type: All files.

==

Please copy and paste the following into Notepad:

Code:


del C:\WINDOWS\system32\wuyojaza.dll
del C:\udhkiixx.exe
del C:\pdvwd.exe
del C:\nymeu.exe
del C:\ryiasu.exe
del C:\dcgwhpoh.exe
del C:\WINDOWS\system32\winsts.sys
del C:\WINDOWS\UpdReg.EXE
del c:\windows\system32\mosirope.dll
del "C:\Program Files\InternetSecurity2010"
del C:\WINDOWS\system32\winsts.sys
exit


Then click File > Save as
Save to the Desktop as blackpudding.bat
And Save as type: All Files.

==

Double-click on each of them. Allow them to finish. Then do the following:

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

Re: please help - Antivirus Live/Antivirus System Pro

I made the two files you asked, but when I ran the killthem.reg, it said I can't import it because it is not a registry script, and I can only import binary registry files from within the registry editor. I'm not sure what that means exactly, or if you wanted me to continue with the DDS scan. The blackpudding file worked fine though.

Re: please help - Antivirus Live/Antivirus System Pro

Try this script for the Registry instead:

Code:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pafulomip"=-
"pugirofuge"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
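The first killthem.reg in this thread was refused and this second one differs from it only in the header line: regedit accepts "Windows Registry Editor Version 5.00" (or "REGEDIT4"), not "Windows Registry Editor 5.00". As an added example (not code from the thread or from any tool it mentions), this Python sketch checks that header and lists what a .reg script would delete before it is imported; the function names are hypothetical, and continuation lines of multi-line values are not handled.

```python
import re

VALID_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

# Body shared by both scripts posted in the thread.
BODY = r"""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pafulomip"=-
"pugirofuge"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
"""

FIRST_SCRIPT = "Windows Registry Editor 5.00\n" + BODY            # refused
SECOND_SCRIPT = "Windows Registry Editor Version 5.00\n" + BODY   # imported

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def review_reg_script(text):
    """Return (header_ok, operations) for the text of a .reg script.

    Each operation is (action, key, value_name); value_name is None
    when a whole key is deleted.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines:
        return False, []
    header_ok = lines[0] in VALID_HEADERS
    ops, current_key = [], None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            if m.group(1) == "-":
                # "[-KEY]" removes the key with every subkey and value.
                ops.append(("delete-key", m.group(2), None))
                current_key = None
            else:
                current_key = m.group(2)
            continue
        m = VALUE_RE.match(ln)
        if m and current_key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            # '"name"=-' removes a single value; anything else sets it.
            action = "delete-value" if m.group(2).strip() == "-" else "set-value"
            ops.append((action, current_key, name))
    return header_ok, ops


def whole_key_deletions(ops):
    """Keys removed outright; these deserve a second look before import."""
    return [key for action, key, _ in ops if action == "delete-key"]


if __name__ == "__main__":
    for label, script in (("first", FIRST_SCRIPT), ("second", SECOND_SCRIPT)):
        ok, ops = review_reg_script(script)
        print(f"{label} script: header {'ok' if ok else 'NOT recognised'}")
    for action, key, name in ops:
        print(f"  {action:12} {key}" + (f" -> {name}" if name else ""))
```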

Re: please help - Antivirus Live/Antivirus System Pro

Okay, the new registry script worked. I got a question about the DDS scan though. I got the two logs, but one said to zip it and attach it to the forum. Do you want me to do that, and if yes, then can you tell me how? Here is the first log from the scan.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Anthony at 21:43:47.96 on Wed 12/16/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.895 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VirusScannerPro] c:\progra~1\avanqu~1\fix-it\MemCheck.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: =
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254

============= SERVICES / DRIVERS ===============

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-23 1251720]
R2 tmpreflt;tmpreflt;c:\progra~1\avanqu~1\fix-it\tmpreflt.sys [2007-8-31 32528]
R3 MailScan;MailScan;c:\progra~1\avanqu~1\fix-it\MailScan.sys [2007-9-1 20496]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [2003-7-16 2304]
S3 winsts;winsts;\??\c:\windows\system32\winsts.sys --> c:\windows\system32\winsts.sys [?]

=============== Created Last 30 ================

2009-12-15 19:29:12 0 d-----w- c:\program files\InternetSecurity2010
2009-12-11 07:40:12 20 ----a-w- c:\windows\system32\crt.dat
2009-12-10 02:52:24 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2009-12-09 01:09:48 0 d-----w- c:\docume~1\anthony\applic~1\Malwarebytes
2009-12-09 01:09:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-29 03:25:13 0 d-sha-r- C:\cmdcons
2009-11-29 03:23:56 77312 ----a-w- c:\windows\MBR.exe
2009-11-29 03:23:53 260096 ----a-w- c:\windows\PEV.exe
2009-11-29 03:23:53 161792 ----a-w- c:\windows\SWREG.exe
2009-11-29 03:23:52 98816 ----a-w- c:\windows\sed.exe
2009-11-27 16:21:16 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-12 04:03:25 39424 --sha-w- c:\windows\system32\barijatu.dll
2009-09-15 19:18:41 39424 --sha-w- c:\windows\system32\buhovawu.dll
2009-09-12 04:03:25 54272 --sha-w- c:\windows\system32\kabujupe.dll
2009-09-13 03:56:14 39424 --sha-w- c:\windows\system32\mayotomo.dll
2009-09-15 19:18:41 62464 --sha-w- c:\windows\system32\mikowuto.dll
2009-09-12 04:04:01 54272 --sha-w- c:\windows\system32\pebuhewe.dll
2009-09-15 07:18:28 45568 --sha-w- c:\windows\system32\romotaja.dll
2009-09-14 19:18:29 61952 --sha-w- c:\windows\system32\vajatika.dll
2009-09-14 19:18:32 39424 --sha-w- c:\windows\system32\vohelipe.dll
2009-09-13 03:56:15 45568 --sha-w- c:\windows\system32\wogutopa.dll
2009-09-15 07:18:28 92672 --sha-w- c:\windows\system32\yihenori.dll

============= FINISH: 21:44:17.09 ===============

Re: please help - Antivirus Live/Antivirus System Pro

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the lines between the two lines of stars (****) in the textbox below to the clipboard by highlighting them and then pressing Ctrl+C.
    ***********************************************
    Files to delete:
    c:\windows\system32\winsts.sys
    c:\windows\system32\oakley.dll
    c:\windows\system32\raschap.dll
    c:\windows\system32\barijatu.dll
    c:\windows\system32\buhovawu.dll
    c:\windows\system32\kabujupe.dll
    c:\windows\system32\mayotomo.dll
    c:\windows\system32\mikowuto.dll
    c:\windows\system32\pebuhewe.dll
    c:\windows\system32\romotaja.dll
    c:\windows\system32\vajatika.dll
    c:\windows\system32\vohelipe.dll
    c:\windows\system32\wogutopa.dll
    c:\windows\system32\yihenori.dll

    Drivers to delete:
    winsts

    Folders to delete:
    c:\program files\InternetSecurity2010

    ***********************************************
  • In the Avenger window, click the Paste Script from Clipboard button.
  • ! Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.
Not all the items will be found, so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.
If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description, and then reboot the system again.

==

Please copy and paste the following into Notepad:

Code:

echo System File Reliability > chksystem.txt
echo Program based from Cheetah Anti-Rogue >> chksystem.txt
echo by DragonMaster Jay >> chksystem.txt
echo. >> chksystem.txt
dir C:\WINDOWS\system32\svchost >> chksystem.txt

echo. >> chksystem.txt
echo EOF >> chksystem.txt

Then, click File > Save as
Save to the Desktop as chksystem.bat
Change Save as type to All Files.
Click the Save button and exit Notepad.

Double-click on it to run.
Then post the contents of chksystem.txt as well as the Avenger log.

Re: please help - Antivirus Live/Antivirus System Pro

Here are the two log files.
Avenger logfile

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\winsts.sys" not found!
Deletion of file "c:\windows\system32\winsts.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\oakley.dll" deleted successfully.
File "c:\windows\system32\raschap.dll" deleted successfully.
File "c:\windows\system32\barijatu.dll" deleted successfully.
File "c:\windows\system32\buhovawu.dll" deleted successfully.
File "c:\windows\system32\kabujupe.dll" deleted successfully.
File "c:\windows\system32\mayotomo.dll" deleted successfully.
File "c:\windows\system32\mikowuto.dll" deleted successfully.
File "c:\windows\system32\pebuhewe.dll" deleted successfully.
File "c:\windows\system32\romotaja.dll" deleted successfully.
File "c:\windows\system32\vajatika.dll" deleted successfully.
File "c:\windows\system32\vohelipe.dll" deleted successfully.
File "c:\windows\system32\wogutopa.dll" deleted successfully.
File "c:\windows\system32\yihenori.dll" deleted successfully.
Driver "winsts" deleted successfully.
Folder "c:\program files\InternetSecurity2010" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Chksystem logfile

System File Reliability
Program based from Cheetah Anti-Rogue
by DragonMaster Jay

Volume in drive C has no label.
Volume Serial Number is 187E-5C0A

Directory of C:\WINDOWS\system32


EOF

Re: please help - Antivirus Live/Antivirus System Pro

Please re-run DDS and post a log.

Re: please help - Antivirus Live/Antivirus System Pro

Here is the new DDS log.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Anthony at 12:39:09.56 on Thu 12/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.896 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VirusScannerPro] c:\progra~1\avanqu~1\fix-it\MemCheck.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: =
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254
LSA: Notification Packages = scecli tafiwizo.dll

============= SERVICES / DRIVERS ===============

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-23 1251720]
R2 tmpreflt;tmpreflt;c:\progra~1\avanqu~1\fix-it\tmpreflt.sys [2007-8-31 32528]
R3 MailScan;MailScan;c:\progra~1\avanqu~1\fix-it\MailScan.sys [2007-9-1 20496]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [2003-7-16 2304]

=============== Created Last 30 ================

2009-12-11 07:40:12 20 ----a-w- c:\windows\system32\crt.dat
2009-12-10 02:52:24 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2009-12-09 01:09:48 0 d-----w- c:\docume~1\anthony\applic~1\Malwarebytes
2009-12-09 01:09:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-29 03:25:13 0 d-sha-r- C:\cmdcons
2009-11-29 03:23:56 77312 ----a-w- c:\windows\MBR.exe
2009-11-29 03:23:53 260096 ----a-w- c:\windows\PEV.exe
2009-11-29 03:23:53 161792 ----a-w- c:\windows\SWREG.exe
2009-11-29 03:23:52 98816 ----a-w- c:\windows\sed.exe
2009-11-27 16:21:16 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

============= FINISH: 12:39:39.39 ===============

descriptionplease help - Antivirus Live/Antivirus System Pro - Page 3 EmptyAntivirus Live

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read this over and click here to open a new topic. -Belahzur

descriptionplease help - Antivirus Live/Antivirus System Pro - Page 3 EmptyRe: please help - Antivirus Live/Antivirus System Pro

Now, please post a new HijackThis log.
