BleepingComputer.com: I need help with removing viruses


I need help with removing viruses: I have found Wekenupo.dll, folonefo.dll and others

#1 jzarate

  • New Member
  • Group: Members
  • Posts: 6
  • Joined: 25-May 09

Posted 25 May 2009 - 01:42 AM

Hi,

It seems that I have really messed up my computer. I have tried to clean it myself, but I'm not that efficient at it. The symptoms I get include: a fatal error and the computer just turning into a blue screen, the computer freezes, when I click on a Google link it takes me to a site completely different from what it should be, and pop-ups.
Here is the DDS log and the attached file.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 23:29:36.79 on Sun 05/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.61 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator.PARTSCOMPUTER\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mSearchAssistant = hxxp://www.google.com/ie
BHO: {6ced5bad-6afb-44f1-90ce-451e61b9b8c9} - c:\windows\system32\zopiwahe.dll
BHO: : {a8302ad3-ba36-4987-8b6b-9fa04d1a9cd9} - c:\windows\system32\wrtoxyq.dll
BHO: c:\windows\system32\jkshfuiehi.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\jkshfuiehi.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /S
mRun: [avg8_tray] c:\progra~1\avg\avg8\avgtray.exe
mRun: [bimafupika] Rundll32.exe "c:\windows\system32\gezokije.dll",s
mRun: [CPMa7fcf994] Rundll32.exe "c:\windows\system32\mihamake.dll",a
mRun: [a4cfca08] rundll32.exe "c:\windows\system32\foponiga.dll",b
dRun: [Diagnostic Manager] c:\windows\temp\1631420488.exe
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
TCP: NameServer = 85.255.112.211,85.255.112.149
TCP: {59BCE8B2-9F24-4D24-A0F4-310507C6E7BC} = 85.255.112.211,85.255.112.149
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: eeekp - eeekp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: imod3 - imod3.dll
Notify: smnlmwep - wrtoxyq.dll
Notify: vhexejhu - wrtoxyq.dll
Notify: __c00b6fa - c:\windows\system32\__c00B6FA.dat
AppInit_DLLs: c:\windows\system32\mokosuha.dll c:\windows\system32\fojawuka.dll c:\windows\system32\rutunisi.dll c:\windows\system32\yisiwusu.dll c:\windows\system32\lenozafi.dll c:\windows\system32\jitabine.dll c:\windows\system32\fokonefo.dll c:\windows\system32\rutobuki.dll c:\windows\system32\kunobesi.dll c:\windows\system32\mihamake.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mihamake.dll
STS: c:\windows\system32\jkshfuiehi.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\jkshfuiehi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\mihamake.dll
LSA: Notification Packages = scecli c:\windows\system32\mokosuha.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.par\applic~1\mozilla\firefox\profiles\t2d7wq9d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\documents and settings\administrator.partscomputer\application data\mozilla\firefox\profiles\t2d7wq9d.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071102000005.dll

============= SERVICES / DRIVERS ===============

R?2 sunvxnec;Linksys Home Wireless-G USB Adapter Helper;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
R0 dfbbnyth;dfbbnyth;c:\windows\system32\drivers\dfbbnyth.sys [2003-7-16 23424]
R0 jmbniqxb;jmbniqxb;c:\windows\system32\drivers\jmbniqxb.sys [2003-7-16 23424]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-8 325896]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-8 27784]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-8 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-8 298776]
R2 enankaki;NDIS System Monitor;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S1 77c211ee;77c211ee;c:\windows\system32\drivers\77c211ee.sys [2009-5-9 0]
S4 bndmss;Windows Network Data Management System Service;c:\windows\system32\bndmss.exe --> c:\windows\system32\bndmss.exe [?]
S4 fci;FCI;c:\windows\system32\svchost.exe:ext.exe --> c:\windows\system32\svchost.exe:ext.exe [?]

=============== Created Last 30 ================

2009-05-24 23:03 121 ---sh--- c:\windows\system32\aginopof.ini
2009-05-22 14:05 121 ---sh--- c:\windows\system32\igurohib.ini
2009-05-21 15:29 121 ---sh--- c:\windows\system32\upogekad.ini
2009-05-20 22:33 121 ---sh--- c:\windows\system32\egiyelim.ini
2009-05-20 10:33 121 ---sh--- c:\windows\system32\oponekew.ini
2009-05-19 22:33 121 ---sh--- c:\windows\system32\afutebuj.ini
2009-05-19 10:34 121 ---sh--- c:\windows\system32\ivuzaleg.ini
2009-05-18 21:37 121 ---sh--- c:\windows\system32\agutusub.ini
2009-05-18 08:31 121 ---sh--- c:\windows\system32\olenepam.ini
2009-05-17 10:36 121 ---sh--- c:\windows\system32\oyiladab.ini
2009-05-16 22:12 121 ---sh--- c:\windows\system32\apurabaf.ini
2009-05-16 10:13 121 ---sh--- c:\windows\system32\otutayiw.ini
2009-05-15 09:41 121 ---sh--- c:\windows\system32\obopadag.ini
2009-05-14 21:43 121 ---sh--- c:\windows\system32\ekimugor.ini
2009-05-13 11:41 121 ---sh--- c:\windows\system32\oyeyotol.ini
2009-05-12 23:30 <DIR> --d----- c:\windows\pss
2009-05-12 23:05 121 ---sh--- c:\windows\system32\awizuwoz.ini
2009-05-12 11:09 121 ---sh--- c:\windows\system32\eviriyiw.ini
2009-05-11 17:25 121 ---sh--- c:\windows\system32\esiyijab.ini
2009-05-11 14:38 1,589 a------- c:\windows\_DETMP.1
2009-05-10 13:33 121 ---sh--- c:\windows\system32\uwihumoz.ini
2009-05-10 12:33 <DIR> --d----- c:\docume~1\admini~1.par\applic~1\aAvgApi
2009-05-10 04:50 2,713 ---sh--- c:\windows\system32\towowuwo.exe
2009-05-09 13:15 1 ----h--- c:\windows\msmark2.dat
2009-05-09 13:15 1 ----h--- c:\windows\f23567.dat
2009-05-09 13:15 2 ----h--- c:\windows\t55ft2695f44.dat
2009-05-09 13:15 2 ----h--- c:\windows\t55ft2668f44.dat
2009-05-09 11:17 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-09 11:15 2 ----h--- c:\windows\t55ft2692f44.dat
2009-05-09 11:15 <DIR> --d----- c:\windows\system32\796525
2009-05-09 11:12 0 a------- c:\windows\system32\drivers\77c211ee.sys
2009-05-09 11:12 190,976 a------- C:\vfmf.exe
2009-05-09 11:12 14,336 a------- c:\windows\system32\OLD82.tmp
2009-05-09 11:12 577,536 a------- c:\windows\system32\ookthfvib
2009-05-09 11:11 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-05-09 10:57 0 a------- c:\windows\mqcd.dbt
2009-05-09 10:40 95,484 a------- c:\windows\system32\drivers\30c52d7c.sys
2009-05-09 10:39 190,976 a------- C:\kinkerc.exe
2009-05-09 10:39 32,768 a------- c:\windows\system32\fairy.an
2009-05-09 10:39 79,360 a------- c:\windows\system32\ashl.nq
2009-05-09 10:39 28,672 a------- c:\windows\system32\dolman.zt
2009-05-09 10:39 262,144 a------- c:\windows\system32\nvrsk.dll
2009-05-09 10:39 15,000 a------- c:\windows\system32\jkshfuiehi.dll
2009-05-09 09:32 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-08 23:05 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-08 23:05 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-08 23:05 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-08 23:05 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-08 23:05 <DIR> --d----- c:\docume~1\admini~1.par\applic~1\AVGTOOLBAR
2009-05-08 22:39 1,406,518 ---sh--- c:\windows\system32\umigadip.ini
2009-05-08 22:24 <DIR> --d----- c:\program files\AVG
2009-05-08 10:38 1,433,831 ---sh--- c:\windows\system32\umeyanol.ini
2009-05-07 22:38 1,406,509 ---sh--- c:\windows\system32\iwehesaw.ini
2009-05-07 16:54 <DIR> --d----- c:\docume~1\admini~1.par\applic~1\sifglfva
2009-05-07 15:41 <DIR> --d----- c:\docume~1\admini~1.par\applic~1\Twain
2009-05-07 15:36 <DIR> --d----- c:\program files\WWShow
2009-05-07 15:31 <DIR> --d----- c:\program files\Jcore
2009-05-07 10:38 1,406,496 ---sh--- c:\windows\system32\atatigot.ini
2009-05-06 15:18 87,164 a------- c:\windows\system32\drivers\c356b783.sys
2009-05-06 15:18 2 a------- C:\-1529886041
2009-05-05 11:57 1,433,128 ---sh--- c:\windows\system32\amesujaj.ini
2009-05-05 11:52 <DIR> --d----- c:\docume~1\admini~1.par\applic~1\ptidle

==================== Find3M ====================

2009-05-24 23:02 81,920 a--sh--- c:\windows\system32\mihamake.dll
2009-05-24 23:02 78,848 a--sh--- c:\windows\system32\foponiga.dll
2009-05-09 11:11 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-05-09 10:39 577,536 a------- c:\windows\system32\user32.DLL
2009-04-02 14:44 724,992 a------- c:\windows\iun6002.exe
2009-02-24 12:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 12:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 12:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 12:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 12:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 12:34 684,032 a------- c:\windows\system32\DivX.dll
2008-07-22 23:12 809,661,888 a------- c:\documents and settings\administrator.partscomputer\imagefile.bin
2008-07-22 23:06 136 a------- c:\documents and settings\administrator.partscomputer\cueSheet.bin
2008-07-22 23:06 11 a------- c:\documents and settings\administrator.partscomputer\info.bin
2005-12-19 11:01 33,408 a------- c:\documents and settings\administrator.partscomputer\g2mdlhlpx.exe
2009-02-06 15:19 49,664 a--sh--- c:\windows\system32\mokosuha.dll

============= FINISH: 23:30:53.92 ===============




#2 shelf life

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender: Male
  • Location: @localhost

Posted 31 May 2009 - 08:06 AM

Hi,

Sorry for the delay, no shortage of posters. Your log is several days old; if you still need help, reply to my post.
Is It Real or ScareWare?
How Can I Reduce My Risk.

#3 jzarate

  • New Member
  • Group: Members
  • Posts: 6
  • Joined: 25-May 09

Posted 01 June 2009 - 01:52 PM

Hi,

Thanks for your reply. I still haven't messed around with the system for a while. A few days ago I did some work on it and managed to get it working somewhat ok, but if you can help me get it virus free I will definitely appreciate it. The log might still be the same since the computer hasn't been used much lately.

#4 shelf life

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender: Male
  • Location: @localhost

Posted 01 June 2009 - 05:44 PM

Hi,

OK, you're welcome. We will get a download to use. There is a guide you need to read first. It will explain everything. You can read it on another computer.
Then do the downloading on the computer that has the malware on it. Read the guide, then download ComboFix to the desktop. Disable any AV or anti-malware that might be running, double-click the ComboFix icon and follow the prompts. The guide to read:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Is It Real or ScareWare?
How Can I Reduce My Risk.

#5 jzarate

  • New Member
  • Group: Members
  • Posts: 6
  • Joined: 25-May 09

Posted 15 June 2009 - 02:02 AM

Hi,
Sorry for the late response. Finals week was a priority over fixing the computer. Here is the log from ComboFix.

Thank you for your time.

ComboFix 09-06-14.02 - Administrator 06/14/2009 23:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.251 [GMT -7:00]
Running from: c:\documents and settings\Administrator.PARTSCOMPUTER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.PARTSCOMPUTER\Start Menu\Programs\System Security
c:\program files\Jcore
c:\program files\podmena
c:\program files\WWShow
c:\windows\system32\drivers\dfbbnyth.sys
c:\windows\system32\drivers\gxvxcbnrsblxaiwqwmkypdwkvtmbftuuthesr.sys
c:\windows\system32\drivers\yoesinad.sys
c:\windows\system32\gxvxcriqmoewsuwbbuxvhxvebqhipfjmiqjpt.dll
c:\windows\system32\rbrhvig.dll
c:\windows\system32\rnufmxri.dll
c:\windows\system32\towowuwo.exe
c:\windows\system32\wrtoxyq.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
C:\-1529886041
c:\documents and settings\Administrator.PARTSCOMPUTER\Desktop\System Security 2009.lnk
c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\Administrator.PARTSCOMPUTER\Start Menu\Programs\System Security\System Security 2009 Support.lnk
c:\documents and settings\Administrator.PARTSCOMPUTER\Start Menu\Programs\System Security\System Security 2009.lnk
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\1361538659.exe
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\1458931097.exe
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\615289520.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\program files\podmena\podmena.dll
c:\program files\podmena\podmena.sys
c:\windows\9g2234wesdf3dfgjf23
c:\windows\f23567.dat
c:\windows\IE4 Error Log.txt
c:\windows\ld09.exe
c:\windows\mqcd.dbt
c:\windows\msmark2.dat
c:\windows\system32\_000000_.tmp.dll
c:\windows\system32\_000001_.tmp.dll
c:\windows\system32\a9k.bin
c:\windows\system32\afetazil.ini
c:\windows\system32\afutebuj.ini
c:\windows\system32\aginopof.ini
c:\windows\system32\agofufuh.ini
c:\windows\system32\agutusub.ini
c:\windows\system32\ajewitab.ini
c:\windows\system32\akimajur.ini
c:\windows\system32\amesujaj.ini
c:\windows\system32\amevamey.ini
c:\windows\system32\apurabaf.ini
c:\windows\system32\ashl.nq
c:\windows\system32\atatigot.ini
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\avast!AVSControlService.exe
c:\windows\system32\awizuwoz.ini
c:\windows\system32\awoyibid.ini
c:\windows\system32\ayevopid.ini
c:\windows\system32\B.tmp
c:\windows\system32\dolman.zt
c:\windows\system32\drivers\gxvxcbnrsblxaiwqwmkypdwkvtmbftuuthesr.sys
c:\windows\system32\drivers\jmbniqxb.sys
c:\windows\system32\drivers\razeanle.sys
c:\windows\system32\egiyelim.ini
c:\windows\system32\ehazerom.ini
c:\windows\system32\ekimugor.ini
c:\windows\system32\epuhilah.ini
c:\windows\system32\erelipij.ini
c:\windows\system32\esiyijab.ini
c:\windows\system32\esujofij.ini
c:\windows\system32\eviriyiw.ini
c:\windows\system32\eyayagay.ini
c:\windows\system32\fairy.an
c:\windows\system32\fupipivo.exe
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcriqmoewsuwbbuxvhxvebqhipfjmiqjpt.dll
c:\windows\system32\himepuka.dll
c:\windows\system32\ibahizuf.ini
c:\windows\system32\igurohib.ini
c:\windows\system32\ilafigap.ini
c:\windows\system32\iledagoz.ini
c:\windows\system32\ivuzaleg.ini
c:\windows\system32\iwehesaw.ini
c:\windows\system32\iwivajuz.ini
c:\windows\system32\iyiyogos.ini
c:\windows\system32\izevayef.ini
c:\windows\system32\jbnmcd.dll
c:\windows\system32\kenahapu.dll
c:\windows\system32\nvrsk.dll
c:\windows\system32\obopadag.ini
c:\windows\system32\ohijawim.ini
c:\windows\system32\olenepam.ini
c:\windows\system32\oponekew.ini
c:\windows\system32\otutayiw.ini
c:\windows\system32\oyeyotol.ini
c:\windows\system32\oyiladab.ini
c:\windows\system32\sebodume.dll
c:\windows\system32\sft.res
c:\windows\system32\ufatebab.ini
c:\windows\system32\uhafawep.ini
c:\windows\system32\ulibujam.ini
c:\windows\system32\umeyanol.ini
c:\windows\system32\umigadip.ini
c:\windows\system32\upogekad.ini
c:\windows\system32\usevuyov.ini
c:\windows\system32\uwihumoz.ini
c:\windows\system32\vanabesa.dll
c:\windows\t55ft2668f44.dat
c:\windows\t55ft2692f44.dat
c:\windows\t55ft2695f44.dat
c:\windows\Temp\1347840288.exe
c:\windows\Temp\3160547362.exe
c:\windows\Temp\3503051052.exe
c:\windows\Temp\996543066.exe

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :thumbup2:
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Legacy_AVAST!ANTIVIRUS
-------\Legacy_bndmss
-------\Legacy_dfbbnyth
-------\Legacy_enankaki
-------\Legacy_FCI
-------\Legacy_jmbniqxb
-------\Legacy_podmena
-------\Legacy_podmenadrv
-------\Legacy_sunvxnec
-------\Service_avast!Antivirus
-------\Service_bndmss
-------\Service_dfbbnyth
-------\Service_enankaki
-------\Service_fci
-------\Service_jmbniqxb
-------\Service_podmena
-------\Service_podmenadrv
-------\Service_sunvxnec
-------\Legacy_avast!AVSControlService
-------\Service_avast!AVSControlService


((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-15 06:22 . 2009-06-15 06:22 2 ---h--w- c:\windows\zaponce53290.dat
2009-06-15 06:22 . 2009-06-15 06:22 159 ----a-w- C:\d45.bat
2009-06-15 06:12 . 2009-06-15 06:45 99422 ----a-w- c:\windows\system32\drivers\e21c929a.sys
2009-06-12 01:37 . 2009-06-12 01:37 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ghanorhd
2009-06-12 01:37 . 2009-06-12 01:37 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\ghanorhd
2009-06-08 20:18 . 2009-06-08 21:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\91888116
2009-06-08 20:18 . 2009-06-08 21:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\11878124

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 06:38 . 2003-07-16 16:43 577536 ----a-w- c:\windows\system32\user32.dll
2009-06-15 06:31 . 2003-07-16 16:31 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-15 06:22 . 2009-03-15 06:22 81408 --sha-w- c:\windows\system32\dofoferu.dll
2009-06-15 06:22 . 2009-03-15 06:22 15360 --sha-w- c:\windows\system32\fobunayi.exe
2009-06-15 06:22 . 2009-03-15 06:22 79360 --sha-w- c:\windows\system32\hufufoga.dll
2009-06-15 06:09 . 2009-04-22 18:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-06-13 00:01 . 2009-03-13 00:01 81920 --sha-w- c:\windows\system32\yuwehosu.dll
2009-06-13 00:01 . 2009-03-13 00:01 79360 ------w- c:\windows\system32\rujamika.dll
2009-06-10 23:25 . 2009-03-10 23:25 49664 --sha-w- c:\windows\system32\maremapa.dll
2009-06-08 06:07 . 2004-06-18 16:57 24272 ----a-w- c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 06:59 . 2006-08-18 17:24 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\LimeWire
2009-06-05 18:06 . 2009-05-06 22:18 0 ----a-w- c:\windows\system32\drivers\c356b783.sys
2009-06-04 17:40 . 2004-05-20 14:22 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\MSN6
2009-05-25 21:30 . 2009-04-22 18:34 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-05-21 05:45 . 2009-05-09 18:12 0 ----a-w- c:\windows\system32\drivers\77c211ee.sys
2009-05-11 21:33 . 2006-12-07 17:05 -------- d-----w- c:\program files\DDBPlayer
2009-05-11 21:31 . 2004-11-02 16:27 -------- d-----w- c:\program files\Real
2009-05-11 21:31 . 2004-11-02 16:27 -------- d-----w- c:\program files\Common Files\Real
2009-05-11 21:24 . 2008-04-11 06:06 -------- d-----w- c:\program files\Microsoft Games
2009-05-11 21:22 . 2004-05-20 18:04 -------- d-----w- c:\program files\Almyta
2009-05-11 21:19 . 2004-05-21 19:10 -------- d-----w- c:\program files\ACT
2009-05-11 21:18 . 2007-06-12 21:09 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Yahoo!
2009-05-11 21:18 . 2007-06-04 20:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-05-11 21:12 . 2006-11-07 23:30 -------- d-----w- c:\program files\Yahoo!
2009-05-11 20:02 . 2004-05-18 18:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-10 19:33 . 2009-05-10 19:33 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\aAvgApi
2009-05-09 18:12 . 2009-05-09 18:12 14336 ----a-w- c:\windows\system32\OLD82.tmp
2009-05-09 17:53 . 2009-05-07 22:41 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Twain
2009-05-09 17:53 . 2009-05-05 18:52 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\ptidle
2009-05-09 06:07 . 2009-05-09 06:05 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\AVGTOOLBAR
2009-05-09 06:05 . 2009-05-09 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 06:05 . 2009-05-09 06:05 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-09 06:05 . 2009-05-09 06:05 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 06:05 . 2009-05-09 06:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 05:24 . 2009-05-09 05:24 -------- d-----w- c:\program files\AVG
2009-05-08 00:07 . 2009-05-08 00:07 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\sifglfva
2009-05-07 23:54 . 2009-05-07 23:54 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\sifglfva
2009-05-06 23:49 . 2004-12-14 20:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-05-06 23:49 . 2004-12-14 20:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-01 15:29 . 2004-05-19 22:26 -------- d-----w- c:\program files\Print Server
2009-04-22 19:58 . 2009-04-22 19:58 -------- d-----w- c:\program files\XP Codec Pack
2009-04-22 19:38 . 2009-04-22 19:38 -------- d-----w- c:\program files\Xvid
2009-04-22 19:38 . 2009-04-22 19:38 390664 ----a-w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-22 19:16 . 2008-06-24 16:43 -------- d-----w- c:\program files\DivX
2009-04-22 19:15 . 2009-04-22 19:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-22 18:49 . 2009-04-22 18:49 -------- d-----w- c:\program files\IObit
2009-04-22 18:49 . 2009-04-22 18:49 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\IObit
2009-04-22 18:45 . 2009-04-22 18:45 -------- d-----w- c:\program files\YouTube Downloader
2009-04-21 20:29 . 2009-04-21 20:29 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Uniblue
2009-04-21 20:29 . 2009-04-21 20:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-04-21 20:13 . 2009-04-02 23:00 -------- d-----w- c:\program files\Audacity
2009-04-21 20:09 . 2009-04-21 20:06 -------- d-----w- c:\program files\Lame for Audacity
2009-04-19 17:28 . 2006-05-19 22:01 -------- d-----w- c:\program files\PartyGaming.Net
2009-04-14 21:07 . 2009-04-14 21:07 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-02 21:44 . 2009-04-02 21:45 724992 ----a-w- c:\windows\iun6002.exe
2009-03-30 18:43 . 2009-03-30 18:43 0 ----a-w- C:\VDM101.tmp
2009-03-30 18:43 . 2009-03-30 18:43 0 ----a-w- C:\VDM100.tmp
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 20:53 . 2009-03-18 20:53 1421449 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NeoEdge Networks\Yahoo_Monopoly\IAF.dll
2009-03-18 05:05 . 2009-02-22 04:50 7 ----a-w- c:\windows\system32\nar.bin
2009-04-22 07:12 . 2009-04-22 07:12 90624 ----a-w- c:\program files\mozilla firefox\components\WWShow.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-10 23:26 . 2009-03-10 23:26 49664 --sha-w- c:\windows\SYSTEM32\ruvaluno.dll
2009-03-10 23:26 . 2009-03-10 23:26 49664 --sha-w- c:\windows\SYSTEM32\vuvimuwe.dll
.
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ced5bad-6afb-44f1-90ce-451e61b9b8c9}]
2009-03-10 23:26 49664 --sha-w- c:\windows\SYSTEM32\ruvaluno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avg8_tray"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"bimafupika"="c:\windows\system32\vuvimuwe.dll" [2009-03-10 49664]
"a4cfca08"="c:\windows\system32\hufufoga.dll" [2009-06-15 79360]
"CPMa7fcf994"="c:\windows\system32\dofoferu.dll" [2009-06-15 81408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2004-08-04 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\dofoferu.dll" [2009-06-15 81408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dofoferu.dll [2009-06-15 81408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-09 06:05 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^acrobat assistant.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^hp digital imaging monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"fci"=2 (0x2)
"bndmss"=2 (0x2)
"BITS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\hpzipm12.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:podmena

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/8/2009 11:05 PM 325896]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/8/2009 11:05 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/8/2009 11:04 PM 298776]
S1 4127bab8;4127bab8;c:\windows\system32\drivers\4127bab8.sys --> c:\windows\system32\drivers\4127bab8.sys [?]
S1 77c211ee;77c211ee;c:\windows\SYSTEM32\DRIVERS\77c211ee.sys [5/9/2009 11:12 AM 0]
S1 b40de6f4;b40de6f4;c:\windows\system32\drivers\b40de6f4.sys --> c:\windows\system32\drivers\b40de6f4.sys [?]
S1 b4689307;b4689307;c:\windows\system32\drivers\b4689307.sys --> c:\windows\system32\drivers\b4689307.sys [?]
S1 c33b18e9;c33b18e9;c:\windows\system32\drivers\c33b18e9.sys --> c:\windows\system32\drivers\c33b18e9.sys [?]
S1 c356b783;c356b783;c:\windows\SYSTEM32\DRIVERS\c356b783.sys [5/6/2009 3:18 PM 0]
S1 d058583c;d058583c;c:\windows\system32\drivers\d058583c.sys --> c:\windows\system32\drivers\d058583c.sys [?]
S1 d170b3c1;d170b3c1;c:\windows\system32\drivers\d170b3c1.sys --> c:\windows\system32\drivers\d170b3c1.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DFBBNYTH
*Deregistered* - dfbbnyth
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0feb365c-dce7-47d2-a5a7-763fa116869a} - c:\windows\system32\rnufmxri.dll
Notify-__c00b6fa - c:\windows\system32\__c00B6FA.dat
Notify-eeekp - eeekp.dll
Notify-imod3 - imod3.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 23:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\agofufuh.ini 1406496 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e21c929a]
"ImagePath"="\SystemRoot\System32\drivers\e21c929a.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\hufufoga.dll
c:\windows\system32\ruvaluno.dll
c:\windows\system32\dofoferu.dll
c:\windows\system32\vuvimuwe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-15 23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-15 06:51

Pre-Run: 9,642,938,368 bytes free
Post-Run: 9,625,784,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

358 --- E O F --- 2009-03-25 10:00

#6 User is offline   shelf life 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender:Male
  • Location:@localhost

Posted 15 June 2009 - 06:06 PM

hi jzarate,

You had a large load of malware. You still have malware onboard.

You had core system files that were infected. I would no longer trust the computer. I would use the computer as little as possible until it's cleaned up. When not in use pull the plug so you have no network connectivity.

You should seriously consider reformatting and reinstalling Windows but I leave that up to you.
Let me know how you want to proceed.

This is several years old but still holds true:

http://technet.microsoft.com/en-us/library/cc512587.aspx
Is It Real or ScareWare?
How Can I Reduce My Risk.

#7 User is offline   jzarate 

  • New Member
  • Group: Members
  • Posts: 6
  • Joined: 25-May 09

Posted 20 June 2009 - 12:07 AM

Thanks for your advice. I'll just have to buy a new copy of XP and format the computer. :thumbup2:

#8 User is offline   shelf life 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender:Male
  • Location:@localhost

Posted 20 June 2009 - 03:18 PM

Commercial computers should have either a reinstall or restore disk or a restore partition on the hard drive.
If you don't have these options then we can attempt to clean it using combofix and other tools if you want.

#9 User is offline   jzarate 

  • New Member
  • Group: Members
  • Posts: 6
  • Joined: 25-May 09

Posted 27 June 2009 - 11:16 PM

If you have other programs that might help clean it I would like to give those a chance. I already ran Combofix and the computer seems to be working much better. I'm still getting a lot of pop-ups but overall the computer is running faster and AVG seems to be doing a decent job of getting rid of some suspicious items.

#10 User is offline   shelf life 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender:Male
  • Location:@localhost

Posted 28 June 2009 - 05:27 AM

OK. We will get two downloads to start with. The first one is SDFix. It only runs in Safe Mode. Use it first, followed by ComboFix. Link and directions for SDFix:

Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt in your reply.
Run combofix next, most likely you will have to download a new copy first. Please disable AVG before running it. Combofix links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Guide to using Combofix

Post the Sdfix log and the combofix log
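What a responder does with the Report.txt this post asks for is triage it before deciding on the next tool. The script below is an added example, not SDFix's own code and not something posted in this thread: it parses a constructed Report.txt laid out the way SDFix prints its "Final Check" registry dump and "Files with Hidden Attributes" section, pulls out the AppInit_DLLs value (DLLs injected into every process that loads user32.dll, a common persistence point for the kind of infection in this thread) and flags system32 files that carry the System+Hidden attribute bits or an eight-letter consonant/vowel name of the sort seen here. The sample report text, the `RANDOM_NAME` heuristic and all function names are this example's own assumptions, not part of SDFix.

```python
"""Triage helper for an SDFix Report.txt (added example; not SDFix code)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed Report.txt in the layout SDFix 1.240 prints.
# Paths and names are made up for this example.
SAMPLE_REPORT = r'''SDFix: Version 1.240
Run by Administrator on Thu 07/09/2009 at 11:50 PM

Final Check :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"AppInit_DLLs"="C:\WINDOWS\system32\kenahapu.dll c:\windows\system32\yelosuso.dll"
"LoadAppInit_DLLs"=dword:00000001

Files with Hidden Attributes :

Wed 8 Jul 2009 83,456 A.SH. --- "C:\WINDOWS\SYSTEM32\fabapufu.dll"
Wed 8 Jul 2009 2,713 ..SH. --- "C:\WINDOWS\SYSTEM32\gimowave.dll"
Tue 10 Mar 2009 49,664 A.SH. --- "C:\WINDOWS\SYSTEM32\ruvaluno.dll"
Mon 6 Jul 2009 79,360 A..H. --- "C:\WINDOWS\SYSTEM32\gekujoni.dll"
Thu 7 Dec 2006 0 A..H. --- "C:\WINDOWS\SYSTEM32\config\system.LOG"
Wed 11 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 May 2008 35,328 ...H. --- "C:\Documents and Settings\User\My Documents\~WRL4068.tmp"

Finished!
'''

# One "Files with Hidden Attributes" line: date, size, attribute column, path.
HIDDEN_LINE = re.compile(
    r'^(?P<date>\w{3} +\d{1,2} \w{3} \d{4})\s+(?P<size>[\d,]+)\s+'
    r'(?P<attrs>[A-Z.]{5})\s+---\s+"(?P<path>[^"]+)"\s*$')
APPINIT_LINE = re.compile(r'^"AppInit_DLLs"="(?P<value>.*)"\s*$')
LOADAPPINIT_LINE = re.compile(r'^"LoadAppInit_DLLs"=dword:(?P<hex>[0-9a-fA-F]{8})\s*$')
# Heuristic (assumption) drawn from the names in this thread: eight lowercase
# letters alternating consonant/vowel, e.g. fabapufu.dll. Not a general rule.
RANDOM_NAME = re.compile(r'^(?:[b-df-hj-np-tv-z][aeiou]){4}\.(?:dll|exe)$')


@dataclass
class HiddenFile:
    path: str
    size: int
    attrs: str  # attribute column as printed, e.g. "A.SH."

    @property
    def name(self) -> str:
        return self.path.rsplit('\\', 1)[-1].lower()

    @property
    def in_system32(self) -> bool:
        return '\\system32\\' in self.path.lower()

    @property
    def system_and_hidden(self) -> bool:
        # Legitimate DLLs in system32 almost never carry both S and H.
        return 'S' in self.attrs and 'H' in self.attrs


@dataclass
class Triage:
    appinit_dlls: list[str] = field(default_factory=list)
    appinit_enabled: bool = False
    hidden_files: list[HiddenFile] = field(default_factory=list)

    def suspicious(self) -> list[str]:
        """system32 files with S+H set, or with a random-looking name."""
        return [f.path for f in self.hidden_files
                if f.in_system32 and (f.system_and_hidden or RANDOM_NAME.match(f.name))]


def parse_report(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if m := APPINIT_LINE.match(line):
            # AppInit_DLLs is space- or comma-delimited.
            t.appinit_dlls = [p for p in re.split(r'[ ,]+', m.group('value')) if p]
        elif m := LOADAPPINIT_LINE.match(line):
            t.appinit_enabled = int(m.group('hex'), 16) != 0
        elif m := HIDDEN_LINE.match(line):
            t.hidden_files.append(HiddenFile(
                path=m.group('path'),
                size=int(m.group('size').replace(',', '')),
                attrs=m.group('attrs')))
    return t


def findings(text: str) -> dict:
    """Summary a responder would read first: injected DLLs and suspect hidden files."""
    t = parse_report(text)
    return {
        'appinit_dlls': t.appinit_dlls,
        'appinit_enabled': t.appinit_enabled,
        'hidden_total': len(t.hidden_files),
        'suspicious_hidden': t.suspicious(),
    }


if __name__ == '__main__':
    for key, value in findings(SAMPLE_REPORT).items():
        print(f'{key}: {value}')
```

On the constructed sample the script reports two AppInit_DLLs entries with loading enabled, seven hidden-attribute files in total, and four of them in system32 worth quarantining or looking up; the DRM backup, the Word temp file and system.LOG are hidden for ordinary reasons and are left alone.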

#11 User is offline   jzarate 

  • New Member
  • Group: Members
  • Posts: 6
  • Joined: 25-May 09

Posted 10 July 2009 - 02:52 AM

Hi,

Here are the reports for SDFix and Combo Fix.

SDFix: Version 1.240
Run by Administrator on Thu 07/09/2009 at 11:50 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
Driver

Path :
C:\WINDOWS\system32\svchost.exe -k driver

Driver - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 00:04:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"NoPopUpsOnBoot"=dword:00000001
"AppInit_DLLs"="C:\WINDOWS\system32\kenahapu.dll c:\windows\system32\yelosuso.dll c:\windows\system32\vemumise.dll c:\windows\system32\fujehone.dll c:\windows\system32\mejiyuwo.dll c:\windows\system32\nehakite.dll"
"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\SYSTEM32\\hpzipm12.exe"="C:\\WINDOWS\\SYSTEM32\\hpzipm12.exe:*:Enabled:HPZipm12"
"C:\\Program Files\\iPod\\bin\\iPodService.exe"="C:\\Program Files\\iPod\\bin\\iPodService.exe:*:Enabled:iPodService"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\AVG\\AVG8\\avgtray.exe"="C:\\Program Files\\AVG\\AVG8\\avgtray.exe:*:Enabled:avgtray"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:explorer"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 8 Jul 2009 83,456 A.SH. --- "C:\WINDOWS\SYSTEM32\fabapufu.dll"
Thu 9 Jul 2009 83,456 A.SH. --- "C:\WINDOWS\SYSTEM32\fajohiti.dll"
Sun 5 Jul 2009 80,384 A.SH. --- "C:\WINDOWS\SYSTEM32\feyimupa.dll"
Wed 8 Jul 2009 2,713 ..SH. --- "C:\WINDOWS\SYSTEM32\gimowave.dll"
Sun 5 Jul 2009 84,480 A.SH. --- "C:\WINDOWS\SYSTEM32\juyarono.dll"
Wed 10 Jun 2009 49,664 A.SH. --- "C:\WINDOWS\SYSTEM32\maremapa.dll"
Thu 9 Jul 2009 84,480 A.SH. --- "C:\WINDOWS\SYSTEM32\nehakite.dll"
Thu 9 Jul 2009 79,360 A.SH. --- "C:\WINDOWS\SYSTEM32\redivipo.dll"
Sun 28 Jun 2009 2,713 ..SH. --- "C:\WINDOWS\SYSTEM32\rimuwuka.dll"
Sat 4 Jul 2009 83,456 A.SH. --- "C:\WINDOWS\SYSTEM32\robudiki.dll"
Mon 6 Jul 2009 84,480 A.SH. --- "C:\WINDOWS\SYSTEM32\rurimita.dll"
Tue 10 Mar 2009 49,664 A.SH. --- "C:\WINDOWS\SYSTEM32\ruvaluno.dll"
Sat 27 Jun 2009 2,713 ..SH. --- "C:\WINDOWS\SYSTEM32\sisazibo.exe"
Sun 28 Jun 2009 2,713 ..SH. --- "C:\WINDOWS\SYSTEM32\sosafuji.dll"
Tue 10 Mar 2009 49,664 A.SH. --- "C:\WINDOWS\SYSTEM32\vuvimuwe.dll"
Sun 5 Jul 2009 84,480 A.SH. --- "C:\WINDOWS\SYSTEM32\wegureju.dll"
Sun 5 Jul 2009 83,456 A.SH. --- "C:\WINDOWS\SYSTEM32\wifowigu.dll"
Fri 26 Jun 2009 2,713 ..SH. --- "C:\WINDOWS\SYSTEM32\wonupago.exe"
Sun 28 Jun 2009 2,713 ..SH. --- "C:\WINDOWS\SYSTEM32\wuleluzu.exe"
Mon 6 Jul 2009 79,360 A.SH. --- "C:\WINDOWS\SYSTEM32\yedibufo.dll"
Mon 15 Jun 2009 19,914 ..SH. --- "C:\WINDOWS\SYSTEM32\yukojuni.exe"
Tue 7 Jul 2009 714,789 A.SH. --- "C:\WINDOWS\SYSTEM32\zodofigu.exe"
Wed 11 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sat 4 Jul 2009 83,456 A.SH. --- "C:\System Volume Information\_restore{A62102F1-27F1-4831-8FC3-56DBFCD1262A}\RP11\A0002846.dll"
Sun 5 Jul 2009 83,968 A.SH. --- "C:\System Volume Information\_restore{A62102F1-27F1-4831-8FC3-56DBFCD1262A}\RP12\A0002885.dll"
Mon 6 Jul 2009 84,480 A.SH. --- "C:\System Volume Information\_restore{A62102F1-27F1-4831-8FC3-56DBFCD1262A}\RP12\A0002943.dll"
Mon 6 Jul 2009 83,456 A.SH. --- "C:\System Volume Information\_restore{A62102F1-27F1-4831-8FC3-56DBFCD1262A}\RP12\A0002944.dll"
Mon 6 Jul 2009 79,872 A.SH. --- "C:\System Volume Information\_restore{A62102F1-27F1-4831-8FC3-56DBFCD1262A}\RP12\A0002945.dll"
Tue 7 Jul 2009 79,872 A.SH. --- "C:\System Volume Information\_restore{A62102F1-27F1-4831-8FC3-56DBFCD1262A}\RP12\A0002968.dll"
Tue 7 Jul 2009 84,480 A.SH. --- "C:\System Volume Information\_restore{A62102F1-27F1-4831-8FC3-56DBFCD1262A}\RP12\A0002969.dll"
Wed 28 May 2008 35,328 ...H. --- "C:\Documents and Settings\Administrator.PARTSCOMPUTER\My Documents\Jose\~WRL4068.tmp"
Wed 23 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Administrator.PARTSCOMPUTER\Application Data\U3\temp\Launchpad Removal.exe"
Tue 12 May 2009 22,528 ...H. --- "C:\Documents and Settings\Administrator.PARTSCOMPUTER\My Documents\Jose\Maria Caruso Homework\~WRL2969.tmp"
Wed 23 Apr 2008 20 A..H. --- "C:\Documents and Settings\Administrator.PARTSCOMPUTER\Application Data\Real\rhapsody\wmlicbackup\drmv1lic.bak"
Mon 20 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 20 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"

Finished!



Combo Fix--------------------------------------------------


ComboFix 09-07-09.07 - Administrator 07/10/2009 0:21.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.177 [GMT -7:00]
Running from: c:\documents and settings\Administrator.PARTSCOMPUTER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\{767132FF-FABD-4B74-9FB8-6F9A1A5D220A}
c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\{767132FF-FABD-4B74-9FB8-6F9A1A5D220A}\chrome.manifest
c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\{767132FF-FABD-4B74-9FB8-6F9A1A5D220A}\chrome\content\_cfg.js
c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\{767132FF-FABD-4B74-9FB8-6F9A1A5D220A}\chrome\content\c.js
c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\{767132FF-FABD-4B74-9FB8-6F9A1A5D220A}\chrome\content\overlay.xul
c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\{767132FF-FABD-4B74-9FB8-6F9A1A5D220A}\install.rdf
c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\All Users.WINDOWS\Application Data\91888116.ini
c:\program files\ACT
c:\program files\ACT\Layout\Accounts640x480.gly
c:\program files\ACT\Layout\bluea1.bmp
c:\program files\ACT\Layout\Default52.cly
c:\program files\ACT\Layout\Default54.gly
c:\program files\ACT\Layout\Default640x480.cly
c:\program files\ACT\Layout\Default640x480.gly
c:\program files\ACT\Layout\Default800x600.cly
c:\program files\ACT\Layout\DefaultBarBG.bmp
c:\program files\ACT\Layout\deflt16.cly
c:\program files\ACT\Layout\Dflt5bg.BMP
c:\program files\ACT\Layout\Essentials.cly
c:\program files\ACT\Layout\Essentials1024x768.cly
c:\program files\ACT\Layout\Essentials2.gly
c:\program files\ACT\Layout\Essentials800x600.cly
c:\program files\ACT\Layout\GroupsAccount52.gly
c:\program files\ACT\Layout\GroupsDefault52.gly
c:\program files\ACT\Layout\GroupsEssentials.gly
c:\program files\ACT\Layout\Layout Tools\Layout Shapes.cly
c:\program files\ACT\Layout\modernbk.bmp
c:\program files\ACT\Layout\Watermark071.bmp
c:\program files\ACT\NetLinks\50001dic.web
c:\program files\ACT\NetLinks\Interact\actlogo.gif
c:\program files\ACT\NetLinks\Interact\CompanyProfile.ini
c:\program files\ACT\NetLinks\Interact\connect.gif
c:\program files\ACT\NetLinks\Interact\makecontact.gif
c:\program files\ACT\NetLinks\Interact\offline.htm
c:\program files\ACT\Report\10.env
c:\program files\ACT\Report\11.env
c:\program files\ACT\Report\12.env
c:\program files\ACT\Report\2160.lbl
c:\program files\ACT\Report\2162.lbl
c:\program files\ACT\Report\2163.lbl
c:\program files\ACT\Report\4014.lbl
c:\program files\ACT\Report\4143.lbl
c:\program files\ACT\Report\4144.lbl
c:\program files\ACT\Report\4145.lbl
c:\program files\ACT\Report\4146.lbl
c:\program files\ACT\Report\4161.lbl
c:\program files\ACT\Report\5160.lbl
c:\program files\ACT\Report\5161.lbl
c:\program files\ACT\Report\5162.lbl
c:\program files\ACT\Report\5163.lbl
c:\program files\ACT\Report\5164.lbl
c:\program files\ACT\Report\5385.lbl
c:\program files\ACT\Report\6.env
c:\program files\ACT\Report\9.env
c:\program files\ACT\Report\ACCCOMP6.REP
c:\program files\ACT\Report\ACCLIST6.REP
c:\program files\ACT\Report\ACCMEMB6.REP
c:\program files\ACT\Report\ACCSUMM6.REP
c:\program files\ACT\Report\activit6.rep
c:\program files\ACT\Report\contact6.rep
c:\program files\ACT\Report\custom.lbl
c:\program files\ACT\Report\directr6.rep
c:\program files\ACT\Report\group6.rep
c:\program files\ACT\Report\grplst6.rep
c:\program files\ACT\Report\grpmemb6.rep
c:\program files\ACT\Report\Histcla6.rep
c:\program files\ACT\Report\history6.rep
c:\program files\ACT\Report\Hsallex6.rep
c:\program files\ACT\Report\monarch.env
c:\program files\ACT\Report\notehis6.rep
c:\program files\ACT\Report\Other Reports\callmtgsum.rep
c:\program files\ACT\Report\Other Reports\countgroupmem.rep
c:\program files\ACT\Report\Other Reports\emaillist.rep
c:\program files\ACT\Report\Other Reports\faxlist.rep
c:\program files\ACT\Report\phonels6.rep
c:\program files\ACT\Report\referra6.rep
c:\program files\ACT\Report\slsbymg6.rep
c:\program files\ACT\Report\slscntc6.rep
c:\program files\ACT\Report\slsdtai6.rep
c:\program files\ACT\Report\slsFrcs6.rep
c:\program files\ACT\Report\slspipeline6.rep
c:\program files\ACT\Report\slstota6.rep
c:\program files\ACT\Report\status6.rep
c:\program files\ACT\Report\tasklis6.rep
c:\program files\ACT\Template\emailbody.gmt
c:\program files\ACT\Template\faxcover.adt
c:\program files\ACT\Template\faxcover.tpl
c:\program files\ACT\Template\Letter.adt
c:\program files\ACT\Template\Letter.tpl
c:\program files\ACT\Template\lttrela.adt
c:\program files\ACT\Template\lttrela.tpl
c:\program files\ACT\Template\lttruka.adt
c:\program files\ACT\Template\lttruka.tpl
c:\program files\ACT\Template\lttrusc.adt
c:\program files\ACT\Template\lttrusc.tpl
c:\program files\ACT\Template\memo.adt
c:\program files\ACT\Template\memo.tpl
c:\program files\ACT\Template\Other Templates\anniv.gmt
c:\program files\ACT\Template\Other Templates\anniversary.adt
c:\program files\ACT\Template\Other Templates\anniversary.tpl
c:\program files\ACT\Template\Other Templates\anniversary_backgroud.gif
c:\program files\ACT\Template\Other Templates\anniversary_background_l1.gif
c:\program files\ACT\Template\Other Templates\anniversary_l1.gif
c:\program files\ACT\Template\Other Templates\anniversary_l1b.gif
c:\program files\ACT\Template\Other Templates\anniversary_ln.gif
c:\program files\ACT\Template\Other Templates\anniversary1_header.gif
c:\program files\ACT\Template\Other Templates\anniversary1_slice.gif
c:\program files\ACT\Template\Other Templates\bday.gmt
c:\program files\ACT\Template\Other Templates\bdaygroup.gmt
c:\program files\ACT\Template\Other Templates\birthday.adt
c:\program files\ACT\Template\Other Templates\birthday.tpl
c:\program files\ACT\Template\Other Templates\birthdayfromgroup.adt
c:\program files\ACT\Template\Other Templates\birthdayfromgroup.tpl
c:\program files\ACT\Template\Other Templates\enews.gmt
c:\program files\ACT\Template\Other Templates\enews1_header.gif
c:\program files\ACT\Template\Other Templates\enews1_slice.gif
c:\program files\ACT\Template\Other Templates\enews2.gmt
c:\program files\ACT\Template\Other Templates\enews2_bg.gif
c:\program files\ACT\Template\Other Templates\enews2_header.gif
c:\program files\ACT\Template\Other Templates\enews2_l1.gif
c:\program files\ACT\Template\Other Templates\enews2_r1.gif
c:\program files\ACT\Template\Other Templates\enews3_footer.gif
c:\program files\ACT\Template\Other Templates\enews3_header.gif
c:\program files\ACT\Template\Other Templates\enews3_slice_mid.gif
c:\program files\ACT\Template\Other Templates\enews3_slice_mid2.gif
c:\program files\ACT\Template\Other Templates\envlp10.adt
c:\program files\ACT\Template\Other Templates\envlp10.tpl
c:\program files\ACT\Template\Other Templates\file_01.jpg
c:\program files\ACT\Template\Other Templates\file_02.jpg
c:\program files\ACT\Template\Other Templates\file_03.jpg
c:\program files\ACT\Template\Other Templates\file_04.jpg
c:\program files\ACT\Template\Other Templates\file_05.jpg
c:\program files\ACT\Template\Other Templates\followup.adt
c:\program files\ACT\Template\Other Templates\followup.tpl
c:\program files\ACT\Template\Other Templates\followup_1_left.gif
c:\program files\ACT\Template\Other Templates\followup_1_right.gif
c:\program files\ACT\Template\Other Templates\followup_1_top.gif
c:\program files\ACT\Template\Other Templates\followup_1ln.gif
c:\program files\ACT\Template\Other Templates\followup_1lnl.gif
c:\program files\ACT\Template\Other Templates\followup_1lnr.gif
c:\program files\ACT\Template\Other Templates\followup_backup.gif
c:\program files\ACT\Template\Other Templates\group_background-v1.gif
c:\program files\ACT\Template\Other Templates\group_bday-_1_header.gif
c:\program files\ACT\Template\Other Templates\group_bday-_1_left slice.gif
c:\program files\ACT\Template\Other Templates\group_bday-_1_lines.gif
c:\program files\ACT\Template\Other Templates\group_bday-l1.gif
c:\program files\ACT\Template\Other Templates\group_bday-l1bg.gif
c:\program files\ACT\Template\Other Templates\group_bday-v1.gif
c:\program files\ACT\Template\Other Templates\ind_bday_1_left.jpg
c:\program files\ACT\Template\Other Templates\ind_bday_hor.gif
c:\program files\ACT\Template\Other Templates\ind_bday_horizontal1.gif
c:\program files\ACT\Template\Other Templates\newsletter.adt
c:\program files\ACT\Template\Other Templates\newsletter.tpl
c:\program files\ACT\Template\Other Templates\order_2_footer.gif
c:\program files\ACT\Template\Other Templates\order_2_header.gif
c:\program files\ACT\Template\Other Templates\order_2_l1.gif
c:\program files\ACT\Template\Other Templates\order_2_ln.gif
c:\program files\ACT\Template\Other Templates\order_2_r1.gif
c:\program files\ACT\Template\Other Templates\order_2_slice.gif
c:\program files\ACT\Template\Other Templates\order_2_title.gif
c:\program files\ACT\Template\Other Templates\orderconf.adt
c:\program files\ACT\Template\Other Templates\orderconf.gmt
c:\program files\ACT\Template\Other Templates\orderconf.tpl
c:\program files\ACT\Template\Other Templates\prospect.adt
c:\program files\ACT\Template\Other Templates\prospect.gmt
c:\program files\ACT\Template\Other Templates\prospect.tpl
c:\program files\ACT\Template\Other Templates\prospect_3_COMP_01.gif
c:\program files\ACT\Template\Other Templates\prospect_3_COMP_02.gif
c:\program files\ACT\Template\Other Templates\prospect_3_COMP_02b.gif
c:\program files\ACT\Template\Other Templates\prospect_3_COMP_03.gif
c:\program files\ACT\Template\Other Templates\prospect_3_COMP_04.gif
c:\program files\ACT\Template\Other Templates\prospect_3_COMP_07.gif
c:\program files\ACT\Template\Other Templates\prospect_background.gif
c:\program files\ACT\Template\Other Templates\renvlp10.adt
c:\program files\ACT\Template\Other Templates\renvlp10.tpl
c:\program files\ACT\Template\Other Templates\special-offer-4-ln.gif
c:\program files\ACT\Template\Other Templates\special-offer-4-ln2.gif
c:\program files\ACT\Template\Other Templates\special_3_background.gif
c:\program files\ACT\Template\Other Templates\special_3_bullet.gif
c:\program files\ACT\Template\Other Templates\special_3_header.gif
c:\program files\ACT\Template\Other Templates\special_3_ln.gif
c:\program files\ACT\Template\Other Templates\special_3_sl1.gif
c:\program files\ACT\Template\Other Templates\special_3_slice.gif
c:\program files\ACT\Template\Other Templates\special_4_bottomline.gif
c:\program files\ACT\Template\Other Templates\special_4_footer.gif
c:\program files\ACT\Template\Other Templates\special_4_header.gif
c:\program files\ACT\Template\Other Templates\special_4_slice.gif
c:\program files\ACT\Template\Other Templates\specialoffer.adt
c:\program files\ACT\Template\Other Templates\specialoffer.gmt
c:\program files\ACT\Template\Other Templates\specialoffer.tpl
c:\program files\ACT\Template\Other Templates\specialoffer2.gmt
c:\program files\ACT\Template\Other Templates\specialoffer3.gmt
c:\program files\ACT\Template\Other Templates\thankyou.gmt
c:\program files\ACT\Template\Other Templates\title_ordrcon.gif
c:\program files\driver
c:\windows\010112010146118114.dat
c:\windows\0101120101465452.dat
c:\windows\0101120101465749.dat
c:\windows\desktop
c:\windows\system32\adawetaz.ini
c:\windows\system32\agofufuh.ini
c:\windows\system32\apumiyef.ini
c:\windows\system32\egotisel.ini
c:\windows\system32\eguloyih.ini
c:\windows\system32\esonibaz.ini
c:\windows\system32\etemitav.ini
c:\windows\system32\etonuvih.ini
c:\windows\system32\gimowave.dll
c:\windows\system32\ifobabiy.ini
c:\windows\system32\ifomofon.ini
c:\windows\system32\ikuvawub.ini
c:\windows\system32\ilufazok.ini
c:\windows\system32\imiremez.ini
c:\windows\system32\inadamon.ini
c:\windows\system32\inojukeg.ini
c:\windows\system32\itafakuf.ini
c:\windows\system32\iyadiken.ini
c:\windows\system32\ofubidey.ini
c:\windows\system32\oganerew.ini
c:\windows\system32\opinomab.ini
c:\windows\system32\opivider.ini
c:\windows\system32\oruyofid.ini
c:\windows\system32\osusoley.ini
c:\windows\system32\ozivujef.ini
c:\windows\system32\redivipo.dll
c:\windows\system32\rimuwuka.dll
c:\windows\system32\sisazibo.exe
c:\windows\system32\sosafuji.dll
c:\windows\system32\ukajebor.ini
c:\windows\system32\umogevog.ini
c:\windows\system32\utejedoy.ini
c:\windows\system32\uwimufez.ini
c:\windows\system32\uzuleluw.ini
c:\windows\system32\wonupago.exe
c:\windows\system32\wuleluzu.exe
c:\windows\zaponce53290.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_driverdrv
-------\Service_driverdrv


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 06:44 . 2009-07-10 06:44 -------- d-----w- c:\windows\ERUNT
2009-07-10 06:33 . 2009-07-10 07:12 -------- d-----w- C:\SDFix
2009-06-29 03:45 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-29 02:02 . 2009-06-29 02:02 -------- d-----w- c:\program files\uTorrent
2009-06-29 02:00 . 2009-07-10 07:32 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\uTorrent
2009-06-28 04:03 . 2009-06-28 04:03 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\AVG Security Toolbar
2009-06-27 17:07 . 2009-06-27 17:05 832144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-27 17:06 . 2009-06-29 03:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2009-06-27 17:06 . 2009-06-27 17:06 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVGTOOLBAR
2009-06-17 18:42 . 2009-06-17 18:42 1 ---h--w- c:\windows\jmmark2.dat
2009-06-17 18:41 . 2009-06-17 18:41 1 ---h--w- c:\windows\bf23567.dat
2009-06-17 18:40 . 2009-06-17 18:40 2 ----a-w- c:\windows\104116116112584747.dat
2009-06-15 18:39 . 2009-06-15 18:39 19914 --sh--w- c:\windows\system32\yukojuni.exe
2009-06-15 06:22 . 2009-06-15 06:22 159 ----a-w- C:\d45.bat
2009-06-12 01:37 . 2009-06-12 01:37 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\ghanorhd
2009-06-12 01:37 . 2009-06-12 01:37 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\ghanorhd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 05:04 . 2009-04-10 05:04 84480 --sha-w- c:\windows\system32\nehakite.dll
2009-07-09 17:04 . 2009-04-09 17:04 83456 --sha-w- c:\windows\system32\fajohiti.dll
2009-07-09 05:04 . 2009-04-09 05:04 83456 --sha-w- c:\windows\system32\fabapufu.dll
2009-07-07 16:58 . 2009-04-07 16:58 714789 --sha-w- c:\windows\system32\zodofigu.exe
2009-07-06 23:41 . 2006-08-18 17:24 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\LimeWire
2009-07-06 19:28 . 2009-04-22 18:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-07-06 07:56 . 2009-04-06 07:56 84480 --sha-w- c:\windows\system32\rurimita.dll
2009-07-06 07:56 . 2009-04-06 07:56 79360 --sha-w- c:\windows\system32\yedibufo.dll
2009-07-06 06:51 . 2009-04-06 06:51 79360 ------w- c:\windows\system32\gekujoni.dll
2009-07-06 06:51 . 2009-04-06 06:51 84480 --sha-w- c:\windows\system32\juyarono.dll
2009-07-06 06:28 . 2009-04-06 06:28 84480 --sha-w- c:\windows\system32\wegureju.dll
2009-07-06 06:28 . 2009-04-06 06:28 79360 ------w- c:\windows\system32\yodejetu.dll
2009-07-06 06:06 . 2009-04-06 06:06 79360 ------w- c:\windows\system32\nofomofi.dll
2009-07-06 06:06 . 2009-04-06 06:06 83456 --sha-w- c:\windows\system32\wifowigu.dll
2009-07-05 17:47 . 2009-04-05 17:47 80384 --sha-w- c:\windows\system32\feyimupa.dll
2009-07-05 03:59 . 2009-04-05 03:59 83456 --sha-w- c:\windows\system32\robudiki.dll
2009-06-27 17:05 . 2009-05-09 06:05 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-27 17:05 . 2009-05-09 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 17:05 . 2009-05-09 06:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 04:52 . 2009-05-09 06:05 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\AVGTOOLBAR
2009-06-15 06:38 . 2003-07-16 16:43 577536 ----a-w- c:\windows\system32\user32.dll
2009-06-15 06:31 . 2003-07-16 16:31 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-10 23:25 . 2009-03-10 23:25 49664 --sha-w- c:\windows\system32\maremapa.dll
2009-06-08 21:49 . 2009-06-08 20:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\91888116
2009-06-08 21:49 . 2009-06-08 20:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\11878124
2009-06-08 06:07 . 2004-06-18 16:57 24272 ----a-w- c:\documents and settings\Administrator.PARTSCOMPUTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 18:06 . 2009-05-06 22:18 0 ----a-w- c:\windows\system32\drivers\c356b783.sys
2009-06-04 17:40 . 2004-05-20 14:22 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\MSN6
2009-05-25 21:30 . 2009-04-22 18:34 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-05-21 05:45 . 2009-05-09 18:12 0 ----a-w- c:\windows\system32\drivers\77c211ee.sys
2009-05-11 21:33 . 2006-12-07 17:05 -------- d-----w- c:\program files\DDBPlayer
2009-05-11 21:31 . 2004-11-02 16:27 -------- d-----w- c:\program files\Real
2009-05-11 21:31 . 2004-11-02 16:27 -------- d-----w- c:\program files\Common Files\Real
2009-05-11 21:24 . 2008-04-11 06:06 -------- d-----w- c:\program files\Microsoft Games
2009-05-11 21:22 . 2004-05-20 18:04 -------- d-----w- c:\program files\Almyta
2009-05-11 21:18 . 2007-06-12 21:09 -------- d-----w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Yahoo!
2009-05-11 21:18 . 2007-06-04 20:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-05-11 21:12 . 2006-11-07 23:30 -------- d-----w- c:\program files\Yahoo!
2009-05-11 20:02 . 2004-05-18 18:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-09 18:12 . 2009-05-09 18:12 14336 ----a-w- c:\windows\system32\OLD82.tmp
2009-05-09 06:05 . 2009-05-09 06:05 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-22 19:38 . 2009-04-22 19:38 390664 ----a-w- c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-14 21:07 . 2009-04-14 21:07 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-10 23:26 . 2009-03-10 23:26 49664 --sha-w- c:\windows\SYSTEM32\ruvaluno.dll
2009-03-10 23:26 . 2009-03-10 23:26 49664 --sha-w- c:\windows\SYSTEM32\vuvimuwe.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-15_06.42.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-31 16:56 . 2009-03-06 06:59 36864 c:\windows\SYSTEM32\DRIVERS\usbaapl.sys
+ 2004-05-15 00:08 . 2009-07-05 17:46 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-05-15 00:08 . 2009-06-15 06:22 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2005-06-20 18:00 . 2005-06-20 18:00 84992 c:\windows\Installer\641162.msi
+ 2006-01-28 16:24 . 2006-01-28 16:24 20480 c:\windows\Installer\3687e98.msi
- 2004-05-15 00:08 . 2009-06-15 06:22 868352 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-05-15 00:08 . 2009-07-05 17:46 868352 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-05-15 00:08 . 2009-07-05 17:46 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-05-15 00:08 . 2009-06-15 06:22 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-22 02:20 . 2008-04-22 02:20 130560 c:\windows\Installer\f8c2c0.msi
+ 2008-04-22 02:19 . 2008-04-22 02:19 130048 c:\windows\Installer\f8c2bb.msi
+ 2008-04-22 02:19 . 2008-04-22 02:19 133632 c:\windows\Installer\f8c2b6.msi
+ 2008-04-22 02:19 . 2008-04-22 02:19 327680 c:\windows\Installer\f8c2b1.msi
+ 2007-10-25 16:23 . 2007-10-25 16:23 131072 c:\windows\Installer\e811.msi
+ 2007-10-25 16:23 . 2007-10-25 16:23 131072 c:\windows\Installer\e80c.msi
+ 2007-10-25 16:22 . 2007-10-25 16:22 130048 c:\windows\Installer\e807.msi
+ 2007-10-25 16:22 . 2007-10-25 16:22 327680 c:\windows\Installer\e802.msi
+ 2007-03-02 17:44 . 2007-03-02 17:44 344064 c:\windows\Installer\dfe9a71.msi
+ 2008-06-22 07:16 . 2008-06-22 07:16 289792 c:\windows\Installer\c6a385.msi
+ 2006-11-29 22:11 . 2006-11-29 22:11 312320 c:\windows\Installer\b9cf808.msi
+ 2008-09-03 23:17 . 2008-09-03 23:17 184832 c:\windows\Installer\a9648.msi
+ 2005-10-18 22:41 . 2005-10-18 22:41 509952 c:\windows\Installer\6d397e8.msi
+ 2005-06-20 18:00 . 2005-06-20 18:00 123904 c:\windows\Installer\641158.msi
+ 2005-06-20 17:59 . 2005-06-20 17:59 249344 c:\windows\Installer\641153.msi
+ 2005-06-20 17:59 . 2005-06-20 17:59 309248 c:\windows\Installer\64114e.msi
+ 2005-06-20 17:59 . 2005-06-20 17:59 193024 c:\windows\Installer\641116.msi
+ 2005-06-20 17:58 . 2005-06-20 17:58 394752 c:\windows\Installer\6410fe.msi
+ 2005-06-20 17:58 . 2005-06-20 17:58 265216 c:\windows\Installer\6410f6.msi
+ 2005-06-20 17:58 . 2005-06-20 17:58 130048 c:\windows\Installer\6410f1.msi
+ 2005-06-20 17:58 . 2005-06-20 17:58 363520 c:\windows\Installer\6410ec.msi
+ 2005-06-20 17:58 . 2005-06-20 17:58 445440 c:\windows\Installer\6410e7.msi
+ 2005-07-01 15:47 . 2005-07-01 15:47 375296 c:\windows\Installer\54bf647.msi
+ 2005-07-01 15:47 . 2005-07-01 15:47 377344 c:\windows\Installer\54bf63f.msi
+ 2007-05-03 17:20 . 2007-05-03 17:20 188928 c:\windows\Installer\51287d83.msi
+ 2008-07-17 17:52 . 2008-07-17 17:52 532992 c:\windows\Installer\5121950.msi
+ 2007-10-24 16:15 . 2007-10-24 16:15 129024 c:\windows\Installer\3f41d.msi
+ 2007-10-24 16:15 . 2007-10-24 16:15 502784 c:\windows\Installer\3f3ff.msi
+ 2007-10-24 16:14 . 2007-10-24 16:14 540672 c:\windows\Installer\3f3fa.msi
+ 2007-10-24 16:14 . 2007-10-24 16:14 501248 c:\windows\Installer\3f3f5.msi
+ 2007-10-24 16:14 . 2007-10-24 16:14 130560 c:\windows\Installer\3f3f0.msi
+ 2007-10-24 16:14 . 2007-10-24 16:14 501248 c:\windows\Installer\3f3eb.msi
+ 2007-10-24 16:14 . 2007-10-24 16:14 339968 c:\windows\Installer\3f3e3.msi
+ 2007-10-24 16:12 . 2007-10-24 16:12 209920 c:\windows\Installer\3f20c.msi
+ 2008-09-04 00:06 . 2008-09-04 00:06 184832 c:\windows\Installer\380dce.msi
+ 2009-04-22 19:15 . 2009-04-22 19:15 152576 c:\windows\Installer\352750.msi
+ 2004-05-19 17:32 . 2004-05-19 17:32 621056 c:\windows\Installer\2fafec.msi
+ 2009-05-09 05:24 . 2009-05-09 05:24 337408 c:\windows\Installer\28e40c9.msi
+ 2008-12-02 21:56 . 2008-12-02 21:56 891392 c:\windows\Installer\26ca9d.msi
+ 2005-10-06 15:41 . 2005-10-06 15:41 313856 c:\windows\Installer\242ac65c.msi
+ 2006-04-24 15:24 . 2006-04-24 15:24 258048 c:\windows\Installer\1d274224.msi
+ 2004-05-15 00:09 . 2004-05-15 00:09 264704 c:\windows\Installer\10783.msi
+ 2009-07-10 06:44 . 2009-07-10 06:44 266240 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-07-10 06:44 . 2008-08-07 22:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-07-10 06:45 . 2009-07-10 06:45 266240 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-07-10 06:45 . 2008-08-07 22:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2006-01-13 18:09 . 2005-04-04 09:07 982016 c:\windows\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}\ISScript11.Msi
+ 2003-07-16 16:44 . 2004-07-17 18:35 1326080 c:\windows\SYSTEM32\webfldrs.msi
+ 2009-03-14 16:37 . 2009-03-06 06:59 1900544 c:\windows\SYSTEM32\usbaaplrc.dll
+ 2004-09-21 21:34 . 2004-07-17 18:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2007-05-25 19:08 . 2007-05-25 19:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-04-11 04:47 . 2008-04-11 04:47 3620864 c:\windows\Installer\b9ea.msi
+ 2009-01-06 23:22 . 2009-01-06 23:22 1013248 c:\windows\Installer\b511c5.msi
+ 2009-03-14 16:41 . 2009-03-14 16:41 8992256 c:\windows\Installer\aa8ec.msi
+ 2009-04-21 20:29 . 2009-04-21 20:29 1541120 c:\windows\Installer\978699.msi
+ 2004-05-20 00:25 . 2004-10-26 20:44 3777536 c:\windows\Installer\6d45fc.msi
+ 2004-05-20 00:13 . 2004-05-20 00:13 4408832 c:\windows\Installer\6d4409.msi
+ 2006-01-28 18:20 . 2006-01-28 18:20 5864960 c:\windows\Installer\64184a.msp
+ 2005-06-20 17:59 . 2005-06-20 17:59 1217536 c:\windows\Installer\641139.msi
+ 2005-06-20 17:55 . 2005-06-20 17:55 3443712 c:\windows\Installer\6410b7.msi
+ 2009-04-14 21:29 . 2009-04-14 21:29 3966976 c:\windows\Installer\5c9c9d6.msi
+ 2009-04-14 21:26 . 2009-04-14 21:26 3293696 c:\windows\Installer\5c9c69d.msi
+ 2007-10-24 16:15 . 2007-10-24 16:15 1179648 c:\windows\Installer\3f404.msi
+ 2008-08-13 19:06 . 2008-08-13 19:06 1549312 c:\windows\Installer\2c2a76.msi
+ 2007-11-02 17:54 . 2007-11-02 17:54 3558912 c:\windows\Installer\2985537c.msi
+ 2009-01-21 06:59 . 2009-01-21 06:59 1602560 c:\windows\Installer\289d767.msi
+ 2009-04-06 05:34 . 2009-04-06 05:34 5885952 c:\windows\Installer\26d1ff2.msi
+ 2008-12-27 05:01 . 2008-12-27 05:01 2109440 c:\windows\Installer\24f858e.msi
+ 2005-06-20 17:53 . 2005-06-20 17:53 2220544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{BB4EE741-CA46-4345-A3B7-1AECBFAB0AFE}\HP Software Update.msi
+ 2009-07-10 06:44 . 2009-07-10 06:44 7749632 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-07-10 06:44 . 2009-07-10 06:45 7749632 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2006-01-13 18:09 . 2005-12-21 19:57 9934848 c:\windows\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}\iTunes.msi
+ 2007-11-02 17:51 . 2007-11-02 17:51 8581632 c:\windows\Downloaded Installations\{3E547985-AA94-4B1B-8ADD-21E060E5E31F}\Adobe Photoshop Album 3.2 SE.msi
+ 2004-09-21 21:27 . 2003-07-16 16:44 1325568 c:\windows\$NtServicePackUninstall$\webfldrs.msi
+ 2005-09-23 15:48 . 2005-09-23 15:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2005-06-20 17:57 . 2005-06-20 17:57 16367616 c:\windows\Installer\6410d1.msi
+ 2007-07-17 15:10 . 2007-07-17 15:10 15256576 c:\windows\Installer\47bd20dd.msp
+ 2007-10-24 16:14 . 2007-10-24 16:14 16309248 c:\windows\Installer\3f3d0.msi
+ 2006-01-28 16:29 . 2006-01-28 16:29 19210240 c:\windows\Installer\3687ee1.msp
+ 2003-11-04 07:41 . 2003-11-04 07:41 19963904 c:\windows\Installer\1438e1d.msp
+ 2004-05-21 15:15 . 2004-05-21 15:15 19479040 c:\windows\Downloaded Installations\{E83562AD-CFFD-4E8B-841F-6B60B5AC2496}\iTunes.msi
+ 2006-01-27 16:22 . 2006-01-27 16:22 33979904 c:\windows\Downloaded Installations\{00C2E789-F948-4BE1-8167-6E6447DC4CE2}\iPod for Windows 2006-01-10.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ced5bad-6afb-44f1-90ce-451e61b9b8c9}]
2009-03-10 23:26 49664 --sha-w- c:\windows\SYSTEM32\ruvaluno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-06-29 288048]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-19 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avg8_tray"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-27 1948440]
"bimafupika"="c:\windows\system32\vuvimuwe.dll" [2009-03-10 49664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"CPMa7fcf994"="c:\windows\system32\nehakite.dll" [2009-07-10 84480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2004-08-04 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\nehakite.dll" [2009-07-10 84480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nehakite.dll [2009-07-10 84480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 17:05 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^acrobat assistant.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^hp digital imaging monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"fci"=2 (0x2)
"bndmss"=2 (0x2)
"BITS"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\hpzipm12.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\SYSTEM32\\wscntfy.exe"=
"c:\\WINDOWS\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:driver

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/8/2009 11:05 PM 327688]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/8/2009 11:05 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/8/2009 11:04 PM 298776]
S1 4127bab8;4127bab8;c:\windows\system32\drivers\4127bab8.sys --> c:\windows\system32\drivers\4127bab8.sys [?]
S1 77c211ee;77c211ee;c:\windows\SYSTEM32\DRIVERS\77c211ee.sys [5/9/2009 11:12 AM 0]
S1 b40de6f4;b40de6f4;c:\windows\system32\drivers\b40de6f4.sys --> c:\windows\system32\drivers\b40de6f4.sys [?]
S1 b4689307;b4689307;c:\windows\system32\drivers\b4689307.sys --> c:\windows\system32\drivers\b4689307.sys [?]
S1 c33b18e9;c33b18e9;c:\windows\system32\drivers\c33b18e9.sys --> c:\windows\system32\drivers\c33b18e9.sys [?]
S1 c356b783;c356b783;c:\windows\SYSTEM32\DRIVERS\c356b783.sys [5/6/2009 3:18 PM 0]
S1 d058583c;d058583c;c:\windows\system32\drivers\d058583c.sys --> c:\windows\system32\drivers\d058583c.sys [?]
S1 d170b3c1;d170b3c1;c:\windows\system32\drivers\d170b3c1.sys --> c:\windows\system32\drivers\d170b3c1.sys [?]
S1 e21c929a;e21c929a;c:\windows\system32\drivers\e21c929a.sys --> c:\windows\system32\drivers\e21c929a.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0feb365c-dce7-47d2-a5a7-763fa116869a} - (no file)
HKLM-Run-a4cfca08 - c:\windows\system32\redivipo.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
FF - ProfilePath - c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Mozilla\Firefox\Profiles\t2d7wq9d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Administrator.PARTSCOMPUTER\Application Data\Mozilla\Firefox\Profiles\t2d7wq9d.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 00:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\vuvimuwe.dll
c:\windows\system32\nehakite.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-07-10 0:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 07:42
ComboFix2.txt 2009-06-15 06:51

Pre-Run: 5,429,927,936 bytes free
Post-Run: 5,391,306,752 bytes free

547 --- E O F --- 2009-03-25 10:00

#12 User is offline   shelf life 

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender:Male
  • Location:@localhost

Posted 10 July 2009 - 06:34 PM

Hi,

OK, thanks for all the info. I would still consider a reformat/reinstall. This may take several attempts to get the machine clean. We will use ComboFix again, then get another download which you can keep and use as an anti-malware solution. Your torrent client and LimeWire are potential sources of malware. FYI: there is plenty of malware distributed via P2P networks that one can download and install.

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:

File::
c:\windows\system32\yukojuni.exe
C:\d45.bat
c:\windows\system32\nehakite.dll
c:\windows\system32\fajohiti.dll
c:\windows\system32\fabapufu.dll
c:\windows\system32\zodofigu.exe
c:\windows\system32\rurimita.dll
c:\windows\system32\yedibufo.dll
c:\windows\system32\gekujoni.dll
c:\windows\system32\juyarono.dll
c:\windows\system32\wegureju.dll
c:\windows\system32\yodejetu.dll
c:\windows\system32\nofomofi.dll
c:\windows\system32\wifowigu.dll
c:\windows\system32\feyimupa.dll
c:\windows\system32\robudiki.dll
c:\windows\system32\maremapa.dll
c:\windows\SYSTEM32\ruvaluno.dll
c:\windows\SYSTEM32\vuvimuwe.dll
c:\windows\system32\nehakite.dll

Driver::
4127bab8
77c211ee
b40de6f4
b4689307
c33b18e9
c356b783
d058583c
d170b3c1
e21c929a

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ced5bad-6afb-44f1-90ce-451e61b9b8c9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bimafupika"=-
"CPMa7fcf994"=-


Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved and the ComboFix icon, both on your desktop.
Using your mouse, drag the CFScript right on top of the ComboFix icon and release; ComboFix will run and produce a new log.
Please post the new ComboFix log.

After ComboFix is done, download and run Malwarebytes. Link and directions:


Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.
Is It Real or ScareWare?
How Can I Reduce My Risk.
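The CFScript above was built by reading the ComboFix log for a few recurring indicators: eight-letter consonant-vowel file names in system32 (nehakite, vuvimuwe, maremapa and the rest), services whose name is eight hex digits and whose .sys file is zero bytes or missing, Run values and a BHO that point at those same DLLs, and a browser proxy set to localhost:7171, which explains the search redirects. The script below is an added example that automates that triage; it is not part of the forum post and not a ComboFix feature. The naming heuristics are assumptions drawn from this thread's log, and the sample input is a constructed excerpt that mixes the thread's own suspicious entries with legitimate AVG and Windows lines so the filters have something to reject.

```python
"""Triage a ComboFix log excerpt the way a malware-response helper reads it.

Added example for this thread, not part of the forum post and not a ComboFix
feature. Heuristics are assumptions drawn from the log above: dropped files
have eight-letter consonant-vowel names in system32, bogus drivers have
eight-hex-digit names and are empty or missing, Run values and a BHO point at
those DLLs, and a localhost proxy is reported as a redirect indicator.
"""
import re

# Eight letters in strict consonant-vowel alternation (nehakite, vuvimuwe, and so on).
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
HEX8 = re.compile(r"^[0-9a-f]{8}$")
# Find3M-style file line: "mtime . ctime size attrs path"
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:-+|\d+) [-a-z]{8} (?P<path>.+)$")
# Service line: "S1 name;display;path [--> path] [date size]" or "[?]" when missing
SERVICE_LINE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>\S+)(?: --> \S+)? \[(?P<info>[^\]]*)\]$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>.+)$")
PATH_TAIL = re.compile(r"(c:\\.+)$", re.IGNORECASE)

# Constructed excerpt in the same layout as the log above: the thread's
# suspicious entries next to legitimate AVG / QuickTime / Windows lines.
SAMPLE_LOG = r"""
2009-07-10 05:04 . 2009-04-10 05:04 84480 --sha-w- c:\windows\system32\nehakite.dll
2009-07-06 06:51 . 2009-04-06 06:51 79360 ------w- c:\windows\system32\gekujoni.dll
2009-06-27 17:05 . 2009-05-09 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-10 23:25 . 2009-03-10 23:25 49664 --sha-w- c:\windows\system32\maremapa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ced5bad-6afb-44f1-90ce-451e61b9b8c9}]
2009-03-10 23:26 49664 --sha-w- c:\windows\SYSTEM32\ruvaluno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avg8_tray"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-27 1948440]
"bimafupika"="c:\windows\system32\vuvimuwe.dll" [2009-03-10 49664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"CPMa7fcf994"="c:\windows\system32\nehakite.dll" [2009-07-10 84480]

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/8/2009 11:05 PM 327688]
S1 4127bab8;4127bab8;c:\windows\system32\drivers\4127bab8.sys --> c:\windows\system32\drivers\4127bab8.sys [?]
S1 77c211ee;77c211ee;c:\windows\SYSTEM32\DRIVERS\77c211ee.sys [5/9/2009 11:12 AM 0]

uInternet Settings,ProxyServer = http=localhost:7171
"""


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_generated(filename):
    """True for a .dll/.exe whose stem follows the dropper's naming scheme."""
    stem, _, ext = filename.lower().rpartition(".")
    return ext in ("dll", "exe") and CV_NAME.match(stem) is not None


def triage(log_text):
    """Return suspicious files, drivers, registry keys/values and notes from a log."""
    found = {"files": [], "drivers": [], "delete_keys": [], "run_values": {}, "notes": []}
    current_key, pending_bho = None, None

    def add_file(path):
        if path not in found["files"]:
            found["files"].append(path)

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := KEY_LINE.match(line)):
            current_key = m.group("key")
            pending_bho = current_key if "Browser Helper Objects" in current_key else None
        elif (m := FILE_LINE.match(line)):
            path = m.group("path")
            if "\\system32\\" in path.lower() and looks_generated(basename(path)):
                add_file(path)
        elif pending_bho:  # the line after a BHO key names the DLL it loads
            m = PATH_TAIL.search(line)
            if m and looks_generated(basename(m.group(1))):
                found["delete_keys"].append(pending_bho)
                add_file(m.group(1))
            pending_bho = None
        elif (m := VALUE_LINE.match(line)) and current_key and current_key.lower().endswith("\\run"):
            if looks_generated(basename(m.group("data"))):
                found["run_values"].setdefault(current_key, []).append(m.group("name"))
                add_file(m.group("data"))
        elif (m := SERVICE_LINE.match(line)) and m.group("path").lower().endswith(".sys"):
            info = m.group("info").strip()  # "?" when the file is missing, else "date time size"
            if HEX8.match(m.group("name")) and (info == "?" or info.split()[-1:] == ["0"]):
                found["drivers"].append(m.group("name"))
        elif (m := PROXY_LINE.match(line)):
            if "localhost" in m.group("proxy") or "127.0.0.1" in m.group("proxy"):
                found["notes"].append("browser proxy is a local process (%s): matches the "
                                      "search-redirect symptom" % m.group("proxy"))
    return found


def to_cfscript(found):
    """Render the findings in the CFScript layout the helper posted above."""
    lines = ["File::", *found["files"], "", "Driver::", *found["drivers"], "", "Registry::"]
    lines += ["[-%s]" % key for key in found["delete_keys"]]
    for key, names in found["run_values"].items():
        lines.append("[%s]" % key)
        lines += ['"%s"=-' % name for name in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(to_cfscript(result))
    print("NOTES:", result["notes"])
```

On the sample excerpt this reproduces the File::, Driver:: and Run-value entries of the helper's script and flags only the BHO that loads ruvaluno.dll; the helper also removed the AVG toolbar BHO ({A3BC75A2...}), which is a judgment call the pattern match does not make, so treat the output as a starting point for review rather than a script to run unread. The localhost proxy is reported separately because it is an indicator to investigate and revert, not a file to delete.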
