Full Version: virtumonde
IstMon58
I have been infected by these three viruses: Virtumonde, Virtumonde.generic and Virtumonde.sci.
The last one cannot be deleted by Spybot Search & Destroy. I don't know what to do.

Can you help me please?



Virtumonde: [SBI $8F2A4A7E] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Virtumonde.generic: [SBI $1BB1339D] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Virtumonde.generic: [SBI $2F10E03B] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Virtumonde.sci: [SBI $D87CA6BD] Class ID (Registry value, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\=...C:\WINDOWS\system32\pmnmmNEt.dll...
LoPhatPhuud
First:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Second:

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Third:
Click Here to download the current version of HiJackThis.

  • Save HJTInstall.exe to your desktop.
  • Open Notepad > Click on Format > Uncheck Word wrap, if checked.
  • Double-click on the desktop icon for HJTInstall.exe.
  • By default it will install to C:\Program Files\Trend Micro\HiJackThis.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and HijackThis (HJT) will launch.
  • Go ahead and close HiJackThis at this point. It will be run automatically as part of the next step.


To see a tutorial with screenshots on using HijackThis you can click on the link below:
How to use HijackThis to remove Browser Hijackers, Malware, & Spyware


Fourth:

1. Download Random's system information tool (RSIT) from here:
http://images.malwareremoval.com/random/RSIT.exe

Choose to *save* the file to your desktop.

2. Double click on RSIT.exe to run the tool.

3. Click *Continue* at the disclaimer screen.

4. Once it has finished, two logs will open in two separate notepad instances.

Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized). You can just copy and paste the text from those logs into a reply to this topic here.
IstMon58


Maybe I solved the problem with Spyware Doctor, but I'm not sure.

Anyway, here are the logs.

Thanks

_____


Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-01-26 02:13:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 503 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:15, on 26.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TheWorld 2.0\TheWorld.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: recfree3 Toolbar - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - C:\Program Files\RadarSyncBar2\tbRad1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [pctsGui.exe] C:\Program Files\Spyware Doctor\pctsGui.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197880606984
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9BE906B-9CCB-4CA4-B9E6-9B1333814781}: NameServer = 85.37.17.51 85.38.28.97
O20 - Winlogon Notify: pmnmmNEt - pmnmmNEt.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7800 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
recfree3 Toolbar - C:\Program Files\RadarSyncBar2\tbRad1.dll [2009-01-24 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-13 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-13 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-13 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - recfree3 Toolbar - C:\Program Files\RadarSyncBar2\tbRad1.dll [2009-01-24 1784856]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-13 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-13 136600]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"pctsGui.exe"=C:\Program Files\Spyware Doctor\pctsGui.exe [2009-01-24 2873224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-13 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-13 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmmNEt]
pmnmmNEt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\PuAzZo\mirc.exe"="C:\PuAzZo\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfb1a08b-0d50-11dc-92df-806d6172696f}]
shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f273d9-aa19-11dc-9796-806d6172696f}]
shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe


======List of files/folders created in the last 1 months======

2009-01-26 02:13:10 ----D---- C:\rsit
2009-01-26 02:04:43 ----D---- C:\Program Files\Trend Micro
2009-01-26 01:49:31 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-01-26 01:49:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-26 01:49:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-25 23:43:15 ----A---- C:\WINDOWS\plugin.ini
2009-01-25 23:32:19 ----D---- C:\Downloads
2009-01-25 23:25:10 ----D---- C:\Program Files\TheWorld 2.0
2009-01-25 02:25:54 ----D---- C:\Program Files\Lavasoft
2009-01-24 02:46:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-24 02:46:17 ----D---- C:\Program Files\Common Files\PC Tools
2009-01-24 02:46:10 ----D---- C:\Program Files\Spyware Doctor
2009-01-24 02:46:10 ----D---- C:\Documents and Settings\User\Application Data\PC Tools
2009-01-24 02:46:10 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-01-24 02:45:01 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2009-01-24 01:05:41 ----HD---- C:\WINDOWS\PIF
2009-01-24 00:43:03 ----D---- C:\Documents and Settings\User\Application Data\Smart PC Solutions
2009-01-24 00:42:22 ----D---- C:\Program Files\Smart PC Solutions
2009-01-24 00:09:32 ----D---- C:\PuAzZo
2009-01-24 00:02:38 ----D---- C:\Program Files\Conduit
2009-01-24 00:02:28 ----D---- C:\Program Files\RadarSyncBar2
2009-01-23 23:53:45 ----D---- C:\Program Files\eToro
2009-01-23 20:02:01 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-23 20:01:55 ----D---- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2009-01-23 20:01:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-22 01:51:40 ----D---- C:\Documents and Settings\User\Application Data\vlc
2009-01-22 01:50:40 ----D---- C:\Program Files\VideoLAN
2009-01-21 14:50:31 ----D---- C:\Program Files\Stardock
2009-01-21 14:38:28 ----D---- C:\WINDOWS\Icons
2009-01-21 14:22:33 ----D---- C:\Documents and Settings\User\Application Data\AdobeUM
2009-01-18 21:14:39 ----A---- C:\WINDOWS\wb.ini
2009-01-18 21:14:38 ----A---- C:\WINDOWS\system32\wbsys.dll
2009-01-18 21:14:37 ----D---- C:\Program Files\Common Files\Stardock
2009-01-18 21:14:37 ----D---- C:\Program Files\AlienGUIse
2009-01-18 20:13:23 ----D---- C:\Program Files\QUAD Utilities
2009-01-15 12:59:24 ----D---- C:\SWSetup
2009-01-15 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 22:45:08 ----D---- C:\Documents and Settings\User\Application Data\GRETECH
2009-01-14 22:43:45 ----D---- C:\Program Files\GRETECH
2009-01-14 21:36:54 ----D---- C:\Documents and Settings\User\Application Data\LimeWire
2009-01-14 21:36:41 ----D---- C:\Program Files\LimeWire
2009-01-14 15:24:34 ----D---- C:\Documents and Settings\User\Application Data\DivX
2009-01-14 01:19:33 ----A---- C:\WINDOWS\system32\cfosspeed.dll
2009-01-14 01:16:19 ----D---- C:\Program Files\cFosSpeed
2009-01-14 00:26:12 ----D---- C:\WINDOWS\pss
2009-01-13 23:52:21 ----D---- C:\Program Files\eMule
2009-01-13 19:13:50 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2009-01-13 15:32:07 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-13 15:32:07 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-13 15:32:07 ----A---- C:\WINDOWS\system32\java.exe
2009-01-13 15:32:07 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-13 15:23:46 ----A---- C:\WINDOWS\system32\CNMVS71.DLL
2009-01-13 15:23:45 ----A---- C:\WINDOWS\system32\CNMLM71.DLL
2009-01-13 15:23:38 ----RA---- C:\WINDOWS\system32\CNMCP71.exe
2009-01-13 15:23:16 ----HD---- C:\BJPrinter
2009-01-13 15:22:31 ----D---- C:\Program Files\Canon
2009-01-13 15:17:54 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 12:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-12 02:45:39 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-12 02:39:42 ----D---- C:\Program Files\Yahoo!
2009-01-12 02:39:27 ----D---- C:\Program Files\CCleaner
2009-01-12 02:12:25 ----D---- C:\Program Files\Defraggler
2009-01-06 12:42:57 ----A---- C:\WINDOWS\NeroDigital.ini

======List of files/folders modified in the last 1 months======

2009-01-26 02:13:07 ----D---- C:\WINDOWS\Prefetch
2009-01-26 02:04:43 ----RD---- C:\Program Files
2009-01-26 02:02:44 ----D---- C:\WINDOWS\Temp
2009-01-26 01:49:29 ----D---- C:\WINDOWS\system32\drivers
2009-01-26 01:09:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 23:43:15 ----D---- C:\WINDOWS
2009-01-25 22:58:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-25 09:45:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-25 03:31:31 ----D---- C:\WINDOWS\system32\Restore
2009-01-25 03:31:30 ----SHD---- C:\System Volume Information
2009-01-25 02:48:15 ----D---- C:\WINDOWS\system32
2009-01-25 02:25:58 ----D---- C:\Documents and Settings\User\Application Data\Lavasoft
2009-01-25 02:25:55 ----SHD---- C:\WINDOWS\Installer
2009-01-24 02:58:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-24 02:46:17 ----D---- C:\Program Files\Common Files
2009-01-24 02:44:26 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-01-24 00:52:37 ----D---- C:\WINDOWS\Media
2009-01-24 00:52:37 ----D---- C:\Program Files\Messenger
2009-01-21 14:21:53 ----D---- C:\Program Files\Common Files\Adobe
2009-01-21 14:20:28 ----RSD---- C:\WINDOWS\Fonts
2009-01-21 14:19:55 ----D---- C:\Program Files\Adobe
2009-01-16 19:16:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-15 15:20:00 ----SH---- C:\boot.ini
2009-01-15 15:20:00 ----A---- C:\WINDOWS\win.ini
2009-01-15 15:20:00 ----A---- C:\WINDOWS\system.ini
2009-01-15 12:59:54 ----D---- C:\WINDOWS\inf
2009-01-15 12:59:46 ----D---- C:\Program Files\Broadcom
2009-01-15 12:34:14 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-15 12:31:19 ----D---- C:\Program Files\Hewlett-Packard
2009-01-15 12:31:18 ----D---- C:\Program Files\HPQ
2009-01-15 12:30:39 ----D---- C:\Program Files\DivX
2009-01-15 04:11:39 ----D---- C:\WINDOWS\Debug
2009-01-15 03:05:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-15 03:03:37 ----D---- C:\WINDOWS\system32\DllCache
2009-01-15 03:03:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 22:43:21 ----D---- C:\Program Files\Webteh
2009-01-14 22:43:18 ----D---- C:\Documents and Settings\User\Application Data\BSplayer
2009-01-13 15:31:52 ----D---- C:\Program Files\Java
2009-01-13 12:27:38 ----D---- C:\Program Files\Google
2009-01-13 12:22:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 cFosSpeed;cFosSpeed Miniport; C:\WINDOWS\system32\DRIVERS\cfosspeed.sys [2007-07-09 683984]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-10-05 12160]
R3 NETw5x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-09-25 3626112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-10-05 701440]
S3 b57w2k;Broadcom NetLink Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-05 96640]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-05 117760]
S3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2009-01-24 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-01-24 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-01-24 81288]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 cFosSpeedS;cFosSpeed System Service; C:\Program Files\cFosSpeed\spd.exe [2007-07-09 310224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-13 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-13 137200]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-24 1079176]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-26 02:13:17

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware SE Personal-->MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 6.0 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Agere Systems HDA Modem-->agrsmdel
AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Canon iP90-->C:\WINDOWS\system32\CNMCP71.exe "-PRINTERNAMECanon iP90" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
cFosSpeed v4.01-->"C:\Program Files\cFosSpeed\setup.exe" -uninstall
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ffdshow [rev 2183] [2008-10-07]-->"C:\Program Files\ffdshow\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire PRO 4.18.5-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2003 Croatian User Interface Pack-->MsiExec.exe /I{901E041A-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 French User Interface Pack-->MsiExec.exe /I{901E040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 German User Interface Pack-->MsiExec.exe /I{901E0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Italian User Interface Pack-->MsiExec.exe /I{901E0410-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\PuAzZo\mirc.exe" -uninstall
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PuAzZo ScRipT 2.4.1-->"C:\PuAzZo\unins000.exe"
RadarSyncBar2 Toolbar-->C:\PROGRA~1\RADARS~1\UNWISE.EXE C:\PROGRA~1\RADARS~1\INSTALL.LOG
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Smart PC Professional v5.4-->"C:\Program Files\Smart PC Solutions\Smart PC Professional\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TheWorld Browser 2.4 Final (2.4.0.2)-->C:\Program Files\TheWorld 2.0\UnInst.exe
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7 Language Interface Pack (HRV)-->"C:\WINDOWS\ie7updates\IE7-LIP\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows paket jezičnog sučelja-->MsiExec.exe /X{BA463C8F-9922-4C1F-A59F-9F4E7FC5C3B4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Spyware Doctor with AntiVirus (disabled)

System event log

Computer Name: HOMEPC
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 2346
Source Name: Service Control Manager
Time Written: 20081225195654.000000+060
Event Type: information
User:

Computer Name: HOMEPC
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 2345
Source Name: Service Control Manager
Time Written: 20081225195654.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 2344
Source Name: Service Control Manager
Time Written: 20081225195654.000000+060
Event Type: information
User:

Computer Name: HOMEPC
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{9370621E-A298-4928-877A-443D7FEFEE4E} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 2343
Source Name: Tcpip
Time Written: 20081225195637.000000+060
Event Type: information
User:

Computer Name: HOMEPC
Event Code: 7036
Message: The service entered the \DEVICE\{9370621E-A298-4928-877A-443D7FEFEE4E} state.

Record Number: 2342
Source Name: NETw5x32
Time Written: 20081225195637.000000+060
Event Type: information
User:

Application event log

Computer Name: HOMEPC
Event Code: 1517
Message: Windows je spremio registar korisnika HOMEPC\User dok je program ili servis još koristio registar prilikom odjave. Memorija koju koristi registar korisnika nije oslobođena. Registar će se ukloniti kad ga se više ne koristi.


Uzrok tome su često servisi koji se izvode kao korisnički račun, pokušajte konfigurirati servise tako da se izvode bilo kao LocalService ili NetworkService račun.

Record Number: 600
Source Name: Userenv
Time Written: 20090106230228.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 1002
Message: Ljuska je neočekivano zaustavljena i Explorer.exe ponovno je pokrenuta.

Record Number: 599
Source Name: Winlogon
Time Written: 20090106221001.000000+060
Event Type: information
User:

Computer Name: HOMEPC
Event Code: 4097
Message: The application, C:\WINDOWS\explorer.exe, generated an application error
The error occurred on 01/06/2009 @ 22:09:59.031
The exception generated was c000001d at address 7C910208 (ntdll!RtlAllocateHeap)

Record Number: 598
Source Name: DrWatson
Time Written: 20090106220959.000000+060
Event Type: information
User:

Computer Name: HOMEPC
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0609dbe8.

Record Number: 597
Source Name: Application Error
Time Written: 20090106220949.000000+060
Event Type: error
User:

Computer Name: HOMEPC
Event Code: 1002
Message: Ljuska je neočekivano zaustavljena i Explorer.exe ponovno je pokrenuta.

Record Number: 596
Source Name: Winlogon
Time Written: 20090106210257.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
LoPhatPhuud
The logs were all clean. No sign of Vundo.


Go ahead and remove RSIT by deleting rsit.exe and the folder C:\rsit.
IstMon58
You've been a great help.