
Please Help! Trojan.Agent and Trojan.Vundo


  • Please log in to reply
11 replies to this topic

#1 kennethlindley


Posted 16 November 2008 - 12:08 PM

Somehow in the past couple of weeks I have acquired AntiSpyware 2009 (which I got rid of with Malwarebytes) and Trojan.Agent and Trojan.Vundo, which I cannot seem to shake.

While surfing the internet, random pop-ups will "pop up" every 2 or 3 minutes, and they all start with <hxxp://gallimp.com> before changing to some other web address. Most of these are then ads for online entertainment video sites or financial ads.

I have tried reading through these forums to find out how to rid myself of these problems, and it seems that you all are very helpful. When the computer really starts getting bogged down, I run Malwarebytes and it always finds Trojan.Agent and Trojan.Vundo, despite removing them hours earlier.

I have downloaded and tried to run SDFix, and seem to have encountered an error that no one else has described. I boot up in safe mode and run the program, but all it says is that it is searching processes and has a blinking cursor on the 3rd line where it should say "This process may take up to 20 minutes. . . . ." It never gets beyond this, even after leaving the computer on overnight. Any insight on how to get it to work would be greatly appreciated.

Also, I ran Hijackthis, and here is my thread:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:56 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\som8oTyv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/
O2 - BHO: (no name) - {084FBE50-EB88-452A-8E57-6D0F8C17322d} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: (no name) - {0F838DA3-061B-4976-B0F2-95E2DDDFE65e} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: (no name) - {109F7CA0-EB88-452A-8E57-6D0F8C17322d} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: (no name) - {1F071B46-061B-4976-B0F2-95E2DDDFE65e} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {476346D2-C808-43B6-A7B9-919417852968} - C:\WINDOWS\system32\rqRLfeBQ.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {c4961c38-b939-4af4-8f8c-8908176705e3} - C:\WINDOWS\system32\fegopuyi.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s
O4 - HKLM\..\Run: [c094ad07] rundll32.exe "C:\WINDOWS\system32\pivumuwe.dll",b
O4 - HKLM\..\Run: [CPMc3a79e9b] Rundll32.exe "c:\windows\system32\jotogeni.dll",a
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Aepp] C:\Documents and Settings\Max Power\Application Data\mwpe.exe
O4 - HKCU\..\Run: [Wlcgdaj] C:\WINDOWS\system32\w?nlogon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Max Power\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-19\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://s3.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://www.viidoo.tv/TVUAx.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/276bbe6d91d6d2...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://meijer.lifepics.com/net/Uploader/ImageUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://meijer.lifepics.com/net/Uploader/LPUploader41.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://unmcnotes02.unmc.edu/dwa7W.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbet...2ie06011811.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC18D94D-1007-448C-B708-BD9EC5E82638}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\fuzenofo.dll,c:\windows\system32\jotogeni.dll,avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10747 bytes



Please help me!!! I am desperate and am considering running "Doctor Format," but I don't have time for that.
Thank you,
Kenny

Edited by Orange Blossom, 11 February 2013 - 02:28 AM.
Deactivate link. ~ OB
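The HijackThis log above is the kind of output a helper reads by hand. As an added example (not code from this thread, from HijackThis or from BleepingComputer), the Python script below parses entry lines in that format and flags the patterns this particular log shows: BHO registrations whose DLL is missing, rundll32 loading a DLL through a single-letter export, a file name with a '?' in it posing as winlogon.exe, non-allowlisted AppInit_DLLs, and one module registered at several autostart hook points at once. The sample lines are copied from the log above; the AV allowlist is an assumption for this machine.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

Parses the "Oxx - ..." / "Rx - ..." entry lines and applies a few defender-side
heuristics matching what the log in this thread shows.
"""
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "entry_type reason evidence")

# Entry lines look like "O4 - HKLM\..\Run: [name] command" or "R0 - ...".
ENTRY = re.compile(r"^(?P<type>[OR]\d+)\s+-\s+(?P<body>.*)$")
# Any module basename mentioned in an entry (also names containing ~ or ?).
MODULE = re.compile(r"[\w~?]+\.(?:dll|exe)", re.IGNORECASE)
# rundll32 "path\name.dll",export  -> capture the DLL path and the export name.
RUNDLL = re.compile(r'rundll32\.exe\s+"?([^"]+?\.dll)"?,(\w+)', re.IGNORECASE)
# A '?' inside a file name right before .exe (w?nlogon.exe in this log).
LOOKALIKE = re.compile(r"\\[^\\\s]*\?[^\\\s]*\.exe", re.IGNORECASE)

# Assumption: modules belonging to the AV product installed on this machine.
KNOWN_GOOD = {"avgrsstx.dll", "avgtoo~1.dll", "avgssie.dll"}


def parse_hjt(text):
    """Return (entry_type, body) for each entry line; header/footer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def triage(text):
    """Apply the heuristics to a log and return a list of Finding records."""
    findings = []
    refs = defaultdict(set)  # module basename -> entry types that reference it
    for etype, body in parse_hjt(text):
        for mod in MODULE.findall(body):
            mod = mod.lower()
            if mod != "rundll32.exe":  # the loader, not the payload
                refs[mod].add(etype)
        if etype == "O2" and "(file missing)" in body.lower():
            # CLSID still registered but the DLL is gone: leftover of a removal.
            findings.append(Finding(etype, "orphan_bho", body))
        elif etype == "O4":
            if LOOKALIKE.search(body):
                findings.append(Finding(etype, "lookalike_name", body))
            m = RUNDLL.search(body)
            if m and len(m.group(2)) == 1:
                findings.append(Finding(etype, "rundll32_single_export", m.group(1)))
        elif etype == "O20":
            # AppInit_DLLs are loaded into every process that links user32.dll.
            for dll in body.split(":", 1)[1].split(","):
                name = dll.strip().rsplit("\\", 1)[-1].lower()
                if name and name not in KNOWN_GOOD:
                    findings.append(Finding(etype, "appinit_dll", dll.strip()))
    for mod, types in sorted(refs.items()):
        if len(types) > 1 and mod not in KNOWN_GOOD:
            findings.append(Finding("+".join(sorted(types)), "multi_hook", mod))
    return findings


def summarize(findings):
    """Count findings per reason code."""
    counts = defaultdict(int)
    for f in findings:
        counts[f.reason] += 1
    return dict(counts)


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
O2 - BHO: (no name) - {084FBE50-EB88-452A-8E57-6D0F8C17322d} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: (no name) - {476346D2-C808-43B6-A7B9-919417852968} - C:\WINDOWS\system32\rqRLfeBQ.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s
O4 - HKLM\..\Run: [CPMc3a79e9b] Rundll32.exe "c:\windows\system32\jotogeni.dll",a
O4 - HKCU\..\Run: [Wlcgdaj] C:\WINDOWS\system32\w?nlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\fuzenofo.dll,c:\windows\system32\jotogeni.dll,avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry_type:<16} {f.reason:<24} {f.evidence}")
```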



#2 kahdah (Security Colleague)

Posted 16 November 2008 - 12:44 PM

Hello kennethlindley

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 kennethlindley (Topic Starter)

Posted 16 November 2008 - 01:21 PM

Here is log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Max Power at 2008-11-16 13:12:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (26%) free of 29 GB
Total RAM: 1015 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:15 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\som8oTyv.exe
C:\Documents and Settings\Max Power\Local Settings\Temporary Internet Files\Content.IE5\V0UKPRLF\stinger1001602[1].exe
C:\Documents and Settings\Max Power\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Max Power.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/
O2 - BHO: (no name) - {084FBE50-EB88-452A-8E57-6D0F8C17322d} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: (no name) - {0F838DA3-061B-4976-B0F2-95E2DDDFE65e} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: (no name) - {109F7CA0-EB88-452A-8E57-6D0F8C17322d} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: (no name) - {1F071B46-061B-4976-B0F2-95E2DDDFE65e} - C:\WINDOWS\system32\cwkpfhjq.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {476346D2-C808-43B6-A7B9-919417852968} - C:\WINDOWS\system32\rqRLfeBQ.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {c4961c38-b939-4af4-8f8c-8908176705e3} - C:\WINDOWS\system32\fegopuyi.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s
O4 - HKLM\..\Run: [c094ad07] rundll32.exe "C:\WINDOWS\system32\pivumuwe.dll",b
O4 - HKLM\..\Run: [CPMc3a79e9b] Rundll32.exe "c:\windows\system32\jotogeni.dll",a
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Aepp] C:\Documents and Settings\Max Power\Application Data\mwpe.exe
O4 - HKCU\..\Run: [Wlcgdaj] C:\WINDOWS\system32\w?nlogon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Max Power\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKUS\S-1-5-19\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://s3.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://www.viidoo.tv/TVUAx.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/276bbe6d91d6d2...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://meijer.lifepics.com/net/Uploader/ImageUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://meijer.lifepics.com/net/Uploader/LPUploader41.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://unmcnotes02.unmc.edu/dwa7W.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbet...2ie06011811.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC18D94D-1007-448C-B708-BD9EC5E82638}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\fuzenofo.dll,c:\windows\system32\jotogeni.dll,avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10919 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1081998092.job
C:\WINDOWS\tasks\WebReg 20040828011535.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{084FBE50-EB88-452A-8E57-6D0F8C17322d}]
C:\WINDOWS\system32\cwkpfhjq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F838DA3-061B-4976-B0F2-95E2DDDFE65e}]
C:\WINDOWS\system32\cwkpfhjq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{109F7CA0-EB88-452A-8E57-6D0F8C17322d}]
C:\WINDOWS\system32\cwkpfhjq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F071B46-061B-4976-B0F2-95E2DDDFE65e}]
C:\WINDOWS\system32\cwkpfhjq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{476346D2-C808-43B6-A7B9-919417852968}]
C:\WINDOWS\system32\rqRLfeBQ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4961c38-b939-4af4-8f8c-8908176705e3}]
C:\WINDOWS\system32\fegopuyi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=E:\Program Files\apdproxy.exe [2005-09-09 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"judevagope"=C:\WINDOWS\system32\dijepahu.dll []
"c094ad07"=C:\WINDOWS\system32\pivumuwe.dll [2008-11-16 85044]
"CPMc3a79e9b"=c:\windows\system32\jotogeni.dll [2008-11-16 92724]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-16 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aepp"=C:\Documents and Settings\Max Power\Application Data\mwpe.exe []
"Wlcgdaj"=C:\WINDOWS\system32\w?nlogon.exe []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"gadcom"=C:\Documents and Settings\Max Power\Application Data\gadcom\gadcom.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\fuzenofo.dll,c:\windows\system32\jotogeni.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll [2008-11-16 92724]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll [2008-11-16 92724]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fuzenofo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Starcraft\starcraft.exe"="C:\Program Files\Starcraft\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Morpheus\mldonkey\mlnet.exe"="C:\Program Files\Morpheus\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\McAfee.com\VSO\mcvsrte.exe"="C:\Program Files\McAfee.com\VSO\mcvsrte.exe:*:Enabled:mcvsrte"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"E:\Program Files\PhotoshopElementsFileAgent.exe"="E:\Program Files\PhotoshopElementsFileAgent.exe:*:Enabled:PhotoshopElementsFileAgent"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Morpheus\MorphEXE.exe"="C:\Program Files\Morpheus\MorphEXE.exe:*:Disabled:Morpheus"
"C:\WINDOWS\system32\som8oTyv.exe"="C:\WINDOWS\system32\som8oTyv.exe:*:Enabled:som8oTyv"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b823ec90-7fc2-11d9-9acf-806d6172696f}]
shell\AutoRun\command - D:\install.EXE id= ver=1.0.0.0


======List of files/folders created in the last 1 months======

2008-11-16 13:12:27 ----D---- C:\rsit
2008-11-16 12:03:25 ----D---- C:\Program Files\Trend Micro
2008-11-16 12:00:11 ----HD---- C:\$AVG8.VAULT$
2008-11-16 11:54:25 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-16 11:54:14 ----D---- C:\Documents and Settings\Max Power\Application Data\AVGTOOLBAR
2008-11-16 11:53:58 ----D---- C:\Program Files\AVG
2008-11-16 11:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-16 10:48:30 ----SH---- C:\WINDOWS\system32\ewumuvip.ini
2008-11-15 20:17:48 ----A---- C:\WINDOWS\system32\som8oTyv.exe.a_a
2008-11-15 04:54:50 ----SH---- C:\WINDOWS\system32\gulobimu.exe
2008-11-14 22:02:04 ----D---- C:\WINDOWS\ERUNT
2008-11-14 22:01:27 ----D---- C:\SDFix
2008-11-14 21:59:39 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-09 11:14:03 ----A---- C:\WINDOWS\system32\cbb76979-.txt
2008-11-09 11:06:13 ----D---- C:\Documents and Settings\Max Power\Application Data\gadcom
2008-10-26 17:56:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-25 18:34:42 ----D---- C:\Documents and Settings\Max Power\Application Data\Malwarebytes
2008-10-25 18:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 18:34:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 18:22:53 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-25 17:13:44 ----A---- C:\WINDOWS\system32\uqo5qVbx.dll
2008-10-25 14:41:03 ----D---- C:\Program Files\Citrix
2008-10-25 14:35:51 ----A---- C:\WINDOWS\yradinyfer.bat
2008-10-25 14:35:51 ----A---- C:\Documents and Settings\All Users\Application Data\zegyvesuto.bat
2008-10-25 14:35:51 ----A---- C:\Documents and Settings\All Users\Application Data\hogaxil.dll
2008-10-25 14:11:10 ----A---- C:\WINDOWS\system32\igedoce.bat
2008-10-25 14:11:10 ----A---- C:\WINDOWS\system32\hexexaler.exe
2008-10-25 14:11:10 ----A---- C:\WINDOWS\meralut.com
2008-10-25 14:11:10 ----A---- C:\Program Files\Common Files\wanewa.vbs
2008-10-23 14:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-19 15:59:30 ----A---- C:\WINDOWS\system32\som8oTyv.exe

======List of files/folders modified in the last 1 months======

2008-11-16 13:13:23 ----D---- C:\WINDOWS\Temp
2008-11-16 12:44:19 ----D---- C:\WINDOWS\system32
2008-11-16 12:20:34 ----D---- C:\Program Files\DIGStream
2008-11-16 12:03:25 ----RD---- C:\Program Files
2008-11-16 11:55:34 ----D---- C:\WINDOWS\Prefetch
2008-11-16 11:54:25 ----D---- C:\WINDOWS\system32\drivers
2008-11-16 11:53:50 ----SHD---- C:\WINDOWS\Installer
2008-11-16 11:53:50 ----D---- C:\WINDOWS\WinSxS
2008-11-16 11:53:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-16 11:51:54 ----D---- C:\WINDOWS
2008-11-16 11:32:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-16 11:15:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-16 10:55:01 ----D---- C:\Program Files\Common Files\System
2008-11-16 10:50:39 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-11-16 10:48:27 ----ASH---- C:\WINDOWS\system32\pivumuwe.dll
2008-11-16 10:48:27 ----ASH---- C:\WINDOWS\system32\jotogeni.dll
2008-11-15 19:19:20 ----D---- C:\WINDOWS\security
2008-11-15 18:12:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-15 18:12:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-15 15:13:42 ----A---- C:\WINDOWS\win.ini
2008-11-15 11:12:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-14 22:00:13 ----D---- C:\Documents and Settings
2008-11-13 13:44:48 ----ASH---- C:\WINDOWS\system32\defohesi.dll
2008-11-11 13:23:59 ----D---- C:\WINDOWS\network diagnostic
2008-11-10 18:33:17 ----D---- C:\Program Files\Internet Explorer
2008-11-10 13:01:38 ----ASH---- C:\WINDOWS\system32\kesekepe.dll
2008-11-09 12:24:03 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-09 11:55:46 ----D---- C:\Program Files\Common Files
2008-11-09 11:48:41 ----RSD---- C:\WINDOWS\assembly
2008-11-08 13:51:34 ----ASH---- C:\WINDOWS\system32\higalepo.dll
2008-11-07 15:15:48 ----ASH---- C:\WINDOWS\system32\rahehuvo.dll
2008-10-31 15:06:07 ----D---- C:\WINDOWS\Minidump
2008-10-30 15:15:44 ----D---- C:\WINDOWS\Help
2008-10-27 13:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-27 13:56:13 ----D---- C:\Program Files\NOS
2008-10-26 17:57:11 ----D---- C:\Program Files\Adobe
2008-10-26 17:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-26 17:55:47 ----D---- C:\Program Files\Common Files\Adobe
2008-10-26 17:51:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-25 14:16:59 ----D---- C:\Program Files\Common Files\DataViz
2008-10-25 14:15:18 ----D---- C:\Program Files\BookSmart
2008-10-23 14:22:33 ----HD---- C:\WINDOWS\inf
2008-10-23 14:21:34 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-19 15:59:30 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-05-12 43672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-16 76040]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-17 30720]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-18 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-18 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-18 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-18 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-18 156604]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-18 195432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 TDSSserv.sys);TDSSserv.sys); C:\WINDOWS\system32\drivers\TDSSmqlt.sys []
S1 TDSSserv.sys;TDSSserv.sys; C:\WINDOWS\system32\drivers\TDSSpqxt.sys []
S2 F-SECURE AVP;F-SECURE AVP; \??\C:\Program Files\AntiViral Toolkit Pro\FSAVP.SYS []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\MAXPOW~1\LOCALS~1\Temp\catchme.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
S3 EUSBMSD;eUSB SmartMedia Driver; C:\WINDOWS\System32\DRIVERS\EUSBMSD.SYS [2001-08-27 50528]
S3 F-SECURE Filter;F-SECURE Filter; \??\C:\Program Files\AntiViral Toolkit Pro\FSFILTER.SYS []
S3 F-SECURE Gatekeeper;F-SECURE Gatekeeper; \??\C:\Program Files\AntiViral Toolkit Pro\FSGK.SYS []
S3 F-SECURE Recognizer;F-SECURE Recognizer; \??\C:\Program Files\AntiViral Toolkit Pro\FSREC.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NdUsbMsn;ARESCOM USB Network Adapter; C:\WINDOWS\System32\DRIVERS\NdUsbMsn.sys [2001-10-21 18023]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-04 13056]
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-22 80896]
S3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-04 241664]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-06-04 16694]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; E:\Program Files\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-01-29 66872]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


And here is info.txt:
info.txt logfile of random's system information tool 1.04 2008-11-16 13:13:31

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ASUS Probe V2.20.03-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
Auto Gordian Knot 1.60-->C:\Program Files\AutoGK\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BookSmart™ 1.9.2 1.9.2-->C:\Program Files\BookSmart\uninstall.exe
Call of Duty® 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Cheetah DVD Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{563E2BC8-A0CA-4A81-9DD2-897BB326C679}\Setup.exe"
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Documents To Go-->MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 3.1.5.0-->"C:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\Tara\Local Settings\Temporary Internet Files\Content.IE5\QV3E68YQ\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\Tara\Application Data\HouseCall 6.6\uninstaller.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
ImageMixer3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{751910E3-ECF1-44D0-BF3F-2936A4424514}\setup.exe" -l0x9 UNINSTALL -removeonly
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LDS Gospel Resource-->C:\PROGRA~1\LDSGOS~1\UNWISE.EXE C:\PROGRA~1\LDSGOS~1\INSTALL.LOG
Links LS 1998-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LinksLS98\DeIsL1.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Tara\Application Data\Move Networks\ie_bin\unins000.exe"
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA Windows 2000/XP nForce Drivers-->rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
OpenCASE Media Agent-->MsiExec.exe /I{1771FDC8-D846-4B77-996A-C80DAD42C03F}
Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
PhotoStreamer 2-->"C:\Documents and Settings\All Users\Application Data\{BA892C10-A262-42D0-B6AD-2ADE4916F871}\PhotoStreamer2Setup.exe" REMOVE=TRUE MODIFY=FALSE
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SopCast 3.0.0-->C:\Program Files\SopCast\uninst.exe
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Theorica Divx ;-) Codecs (remove only)-->C:\Program Files\Theorica Divx ;-) Codecs\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free (outdated)

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------



Thanks for your help.

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:46 PM

Posted 16 November 2008 - 03:01 PM

Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.

C:\WINDOWS\system32\som8oTyv.exe.a_a
C:\WINDOWS\system32\gulobimu.exe
C:\WINDOWS\yradinyfer.bat
C:\WINDOWS\system32\hexexaler.exe
C:\WINDOWS\meralut.com
C:\Program Files\Common Files\wanewa.vbs
Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to samples.

Click Here to upload the files please.
================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 kennethlindley

kennethlindley
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 16 November 2008 - 03:57 PM

I submitted the "samples" file that you requested, so hopefully you can find it.

Here is the log.txt from running ComboFix:


ComboFix 08-11-14.01 - Max Power 2008-11-16 15:39:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502 [GMT -5:00]
Running from: c:\documents and settings\Max Power\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\windows\system32\fuzenofo.dll
c:\windows\system32\jotogeni.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Max Power\Application Data\gadcom
c:\documents and settings\Tara\Cookies\howo.db
c:\documents and settings\Tara\Cookies\ihepazy.dat
c:\documents and settings\Tara\Local Settings\Temporary Internet Files\busiv.inf
c:\documents and settings\Tara\Local Settings\Temporary Internet Files\opalo.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\ewumuvip.ini
c:\windows\system32\som8oTyv.exe.a_a
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\uqo5qVbx.dll
c:\windows\system32\wnscpsu.exe
c:\windows\system32\x64
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS)
-------\Service_TDSSserv.sys
-------\Service_TDSSserv.sys)


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 13:12 . 2008-11-16 13:13 <DIR> d-------- C:\rsit
2008-11-16 12:03 . 2008-11-16 12:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-16 12:00 . 2008-11-16 12:00 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AVGTOOLBAR
2008-11-16 12:00 . 2008-11-16 13:20 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-16 11:54 . 2008-11-16 11:54 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-16 11:54 . 2008-11-16 11:56 <DIR> d-------- c:\documents and settings\Max Power\Application Data\AVGTOOLBAR
2008-11-16 11:54 . 2008-11-16 11:54 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-16 11:54 . 2008-11-16 11:54 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-16 11:54 . 2008-11-16 11:54 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-16 11:53 . 2008-11-16 11:53 <DIR> d-------- c:\program files\AVG
2008-11-16 11:53 . 2008-11-16 11:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-15 19:23 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-15 19:22 . 2008-11-15 21:35 <DIR> d-------- c:\documents and settings\Tara\Application Data\HouseCall 6.6
2008-11-15 12:12 . 2008-11-15 12:12 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-15 12:12 . 2008-11-15 12:12 1,409 --a------ c:\windows\QTFont.for
2008-11-15 04:54 . 2008-11-15 04:54 6,537 ---hs---- c:\windows\system32\gulobimu.exe
2008-11-14 22:02 . 2008-11-14 22:02 <DIR> d-------- c:\windows\ERUNT
2008-11-14 22:01 . 2008-11-16 11:19 <DIR> d-------- C:\SDFix
2008-11-14 22:00 . 2008-11-16 11:54 <DIR> d-------- c:\documents and settings\Administrator
2008-11-11 19:33 . 2008-11-11 19:33 <DIR> d-------- c:\documents and settings\Tara\Application Data\Malwarebytes
2008-11-09 11:55 . 2008-11-09 11:55 18,810 --a------ c:\windows\system32\vesix.sys
2008-11-09 11:55 . 2008-11-09 11:55 17,909 --a------ c:\windows\system32\yqerevek.db
2008-11-09 11:55 . 2008-11-09 11:55 12,077 --a------ c:\windows\system32\gevinyrage._dl
2008-11-09 11:55 . 2008-11-09 11:55 11,455 --a------ c:\windows\system32\bimycuzi.dat
2008-10-26 17:56 . 2008-10-26 17:56 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-25 18:34 . 2008-10-25 18:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-25 18:34 . 2008-10-25 18:34 <DIR> d-------- c:\documents and settings\Max Power\Application Data\Malwarebytes
2008-10-25 18:34 . 2008-10-25 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-25 18:34 . 2008-10-22 15:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-25 18:34 . 2008-10-22 15:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-25 18:23 . 2008-10-25 18:23 1,152 --a------ c:\windows\system32\windrv.sys
2008-10-25 18:22 . 2008-10-25 18:22 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-10-25 14:41 . 2008-10-25 14:41 <DIR> d-------- c:\program files\Citrix
2008-10-25 14:35 . 2008-10-25 14:35 19,932 --a------ c:\windows\yradinyfer.bat
2008-10-25 14:35 . 2008-10-25 14:35 18,659 --a------ c:\documents and settings\All Users\Application Data\hogaxil.dll
2008-10-25 14:35 . 2008-10-25 14:35 18,142 --a------ c:\documents and settings\All Users\Application Data\tyruw.scr
2008-10-25 14:35 . 2008-10-25 14:35 18,030 --a------ c:\documents and settings\All Users\Application Data\xiwesazaza.pif
2008-10-25 14:35 . 2008-10-25 14:35 17,389 --a------ c:\windows\system32\pebacafyr.db
2008-10-25 14:35 . 2008-10-25 14:35 15,053 --a------ c:\windows\ixesagy._sy
2008-10-25 14:35 . 2008-10-25 14:35 13,105 --a------ c:\documents and settings\All Users\Application Data\zegyvesuto.bat
2008-10-25 14:35 . 2008-10-25 14:35 11,812 --a------ c:\program files\Common Files\ycafu.bin
2008-10-25 14:22 . 2008-10-25 18:23 <DIR> d-------- c:\documents and settings\Max Power\.housecall6.6
2008-10-25 14:11 . 2008-10-25 14:11 19,713 --a------ c:\windows\yqiwuqygo.sys
2008-10-25 14:11 . 2008-10-25 14:11 19,584 --a------ c:\windows\meralut.com
2008-10-25 14:11 . 2008-10-25 14:11 18,620 --a------ c:\windows\lulowovo.sys
2008-10-25 14:11 . 2008-10-25 14:11 16,850 --a------ c:\program files\Common Files\wanewa.vbs
2008-10-25 14:11 . 2008-10-25 14:11 16,622 --a------ c:\documents and settings\All Users\Application Data\tyxul.bin
2008-10-25 14:11 . 2008-10-25 14:11 14,395 --a------ c:\windows\system32\hexexaler.exe
2008-10-25 14:11 . 2008-10-25 14:11 14,265 --a------ c:\documents and settings\Tara\Application Data\uxulymexer.reg
2008-10-25 14:11 . 2008-10-25 14:11 11,858 --a------ c:\documents and settings\All Users\Application Data\qyqu.reg
2008-10-25 14:11 . 2008-10-25 14:11 10,525 --a------ c:\windows\system32\igedoce.bat
2008-10-23 13:08 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 15:59 . 2008-11-16 11:14 40,962 --a------ c:\windows\system32\som8oTyv.exe
2008-10-16 12:46 . 2008-10-16 12:46 <DIR> d-------- c:\documents and settings\Tara\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-16 07:20 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 07:19 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 07:19 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 07:19 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 07:19 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 07:19 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 17:20 --------- d-----w c:\program files\DIGStream
2008-11-16 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-11-16 15:48 92,724 ----a-w c:\windows\system32\jotogeni.dll.vir
2008-11-16 15:48 85,044 --sha-w c:\windows\system32\pivumuwe.dll
2008-11-13 18:44 92,724 --sha-w c:\windows\system32\defohesi.dll
2008-11-10 18:01 92,212 --sha-w c:\windows\system32\kesekepe.dll
2008-11-09 16:55 12,572 ----a-w c:\program files\Common Files\ipib.ban
2008-11-08 18:51 92,212 --sha-w c:\windows\system32\higalepo.dll
2008-11-07 20:15 92,212 --sha-w c:\windows\system32\rahehuvo.dll
2008-10-30 15:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-10-27 18:56 --------- d-----w c:\program files\NOS
2008-10-27 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-26 22:55 --------- d-----w c:\program files\Common Files\Adobe
2008-10-25 19:35 15,529 ----a-w c:\program files\Common Files\etetoteb.lib
2008-10-25 19:16 --------- d-----w c:\program files\Common Files\DataViz
2008-10-25 19:15 --------- d-----w c:\program files\BookSmart
2008-10-25 19:11 19,375 ----a-w c:\program files\Common Files\xogebacid.lib
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-28 07:46 74,752 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w c:\windows\system32\win32spl.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-03-27 13:47 104,288 ----a-w c:\documents and settings\Tara\Application Data\GDIPFONTCACHEV1.DAT
2007-10-02 23:16 0 ---ha-w c:\documents and settings\Max Power\hpothb07.dat
2007-03-10 02:13 3,072 --sha-w c:\program files\Thumbs.db
2006-03-14 02:46 98,624 ----a-w c:\documents and settings\Max Power\Application Data\GDIPFONTCACHEV1.DAT
2005-06-23 13:40 259 ---ha-w c:\program files\hpothb07.tif
2005-06-23 13:40 151 ---ha-w c:\program files\hpothb07.dat
2003-11-05 19:16 5,313,488 ------w c:\program files\DivX51Bundle.exe
2005-06-22 13:34 56 --sha-r c:\windows\system32\74F6A32BB9.sys
2006-03-06 17:44 12,418 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-07-22 07:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072220080723\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wlcgdaj"="c:\windows\system32\w?nlogon.exe" [?]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="e:\program files\apdproxy.exe" [2005-09-09 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"c094ad07"="c:\windows\system32\pivumuwe.dll" [2008-11-16 85044]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-16 1234712]

c:\documents and settings\Tara\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-06-22 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2006-06-04 28672]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
ImageMixer HDD Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2007-11-24 2117632]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-09-07 118784]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-04-20 106560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= c:\program files\Theorica Divx ;-) Codecs\ffdshow.ax
"vidc.i263"= c:\windows\System32\i263_32.drv
"vidc.i420"= c:\windows\System32\i263_32.drv
"msacm.imc"= c:\windows\System32\imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"e:\\Program Files\\PhotoshopElementsFileAgent.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=
"e:\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\som8oTyv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\services.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-16 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-16 76040]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2008-07-22 30720]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-16 875288]
S2 F-SECURE AVP;F-SECURE AVP;\??\c:\program files\AntiViral Toolkit Pro\FSAVP.SYS []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2004-04-13 36224]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 F-SECURE Filter;F-SECURE Filter;\??\c:\program files\AntiViral Toolkit Pro\FSFILTER.SYS []
S3 F-SECURE Gatekeeper;F-SECURE Gatekeeper;\??\c:\program files\AntiViral Toolkit Pro\FSGK.SYS []
S3 F-SECURE Recognizer;F-SECURE Recognizer;\??\c:\program files\AntiViral Toolkit Pro\FSREC.SYS []
S3 NdUsbMsn;ARESCOM USB Network Adapter;c:\windows\system32\DRIVERS\NdUsbMsn.sys [2004-05-12 18023]
S4 hpt3xx;hpt3xx; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b823ec90-7fc2-11d9-9acf-806d6172696f}]
\Shell\AutoRun\command - D:\install.EXE id= ver=1.0.0.0
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 c:\windows\Tasks\At1.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-15 c:\windows\Tasks\At10.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-15 c:\windows\Tasks\At11.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At12.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At13.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At14.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At15.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At16.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-15 c:\windows\Tasks\At17.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-15 c:\windows\Tasks\At18.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-15 c:\windows\Tasks\At19.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At2.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At20.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At21.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At22.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-02 c:\windows\Tasks\At23.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At24.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At25.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At26.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At27.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At28.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At29.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At3.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At30.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At31.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At32.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At33.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-15 c:\windows\Tasks\At34.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-15 c:\windows\Tasks\At35.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At36.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At37.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At38.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At39.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At4.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-16 c:\windows\Tasks\At40.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-15 c:\windows\Tasks\At41.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-15 c:\windows\Tasks\At42.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-15 c:\windows\Tasks\At43.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At44.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At45.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At46.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-02 c:\windows\Tasks\At47.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-16 c:\windows\Tasks\At48.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-10-19 c:\windows\Tasks\At5.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At6.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At7.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At8.job
- c:\windows\system32\3bq4prB0.exe []

2008-11-15 c:\windows\Tasks\At9.job
- c:\windows\system32\3bq4prB0.exe []

2004-08-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1081998092.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52]

2008-06-28 c:\windows\Tasks\WebReg 20040828011535.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-06 02:01]
.
- - - - ORPHANS REMOVED - - - -

BHO-{084FBE50-EB88-452A-8E57-6D0F8C17322d} - c:\windows\system32\cwkpfhjq.dll
BHO-{0F838DA3-061B-4976-B0F2-95E2DDDFE65e} - c:\windows\system32\cwkpfhjq.dll
BHO-{109F7CA0-EB88-452A-8E57-6D0F8C17322d} - c:\windows\system32\cwkpfhjq.dll
BHO-{1F071B46-061B-4976-B0F2-95E2DDDFE65e} - c:\windows\system32\cwkpfhjq.dll
BHO-{476346D2-C808-43B6-A7B9-919417852968} - c:\windows\system32\rqRLfeBQ.dll
BHO-{c4961c38-b939-4af4-8f8c-8908176705e3} - c:\windows\system32\fegopuyi.dll
HKCU-Run-Aepp - c:\documents and settings\Max Power\Application Data\mwpe.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
HKLM-Run-judevagope - c:\windows\system32\dijepahu.dll
HKLM-Run-CPMc3a79e9b - c:\windows\system32\jotogeni.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll
SSODL-SSODL-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jotogeni.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 15:44:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\ewumuvip.ini 1564309 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
e:\program files\PhotoshopElementsFileAgent.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-11-16 15:53:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 20:53:21

Pre-Run: 7,674,408,960 bytes free
Post-Run: 8,512,888,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

361 --- E O F --- 2008-10-23 19:22:33



Thanks again for all of your help. I'm anxiously awaiting the next step.
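
As an added example that is not part of this thread or of ComboFix itself: a Python triage script over the shape of the ComboFix sections above, grouping the Scheduled Tasks entries by the executable they launch (the dozens of at.exe-style At<N>.job tasks all pointing at som8oTyv.exe and 3bq4prB0.exe relaunch the dropper on a schedule, which fits the reinfection described in the first post), cross-checking those targets against the firewall authorized-application list, and reporting the Security Center override values. The sample log and the two-job cluster threshold are constructed for this example.

```python
"""Triage helper for ComboFix-style log sections (added example, not ComboFix code)."""

import re
from collections import defaultdict

# Constructed sample, abbreviated from the shape of the ComboFix log in this thread.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\som8oTyv.exe"=

Contents of the 'Scheduled Tasks' folder

2008-10-19 c:\windows\Tasks\At1.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At2.job
- c:\windows\system32\3bq4prB0.exe []

2008-10-19 c:\windows\Tasks\At25.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2008-11-15 c:\windows\Tasks\At34.job
- c:\windows\system32\som8oTyv.exe [2008-11-16 11:14]

2004-08-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1081998092.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 01:52]
"""

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} [a-z]:\\windows\\tasks\\(?P<name>.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<attrs>.*)\]$")
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.I)          # jobs created with at.exe
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-f]{8})$', re.I)
FW_ENTRY_RE = re.compile(r'^"(?P<path>.+)"=$')
FW_KEY_SUFFIX = r"firewallpolicy\standardprofile\authorizedapplications\list]"
# Security Center values that silence its warnings; a non-zero value means "silenced".
SECCENTER_WATCH = {"antivirusoverride", "firewalloverride", "antivirusdisablenotify",
                   "firewalldisablenotify", "updatesdisablenotify", "disablemonitoring"}

def parse_scheduled_tasks(log):
    """Return (job_name, target_path, attrs) per task; attrs is '' when ComboFix
    printed empty brackets, which this example treats as 'no file behind the task'."""
    tasks, pending = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            pending = m.group("name")
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append((pending, m.group("target").lower(), m.group("attrs").strip()))
            pending = None
    return tasks

def scan_registry(log):
    """One pass over the REGEDIT4-style part: Security Center overrides that are set,
    and paths on the firewall authorized-application list (the log stores those
    with doubled backslashes)."""
    overrides, allowed, key = [], set(), ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line.lower()
        elif not line:
            key = ""                       # a blank line ends the current section
        elif "\\security center" in key:
            m = DWORD_RE.match(line)
            if m and m.group("name").lower() in SECCENTER_WATCH and int(m.group("val"), 16):
                overrides.append((key, m.group("name")))
        elif key.endswith(FW_KEY_SUFFIX):
            m = FW_ENTRY_RE.match(line)
            if m:
                allowed.add(m.group("path").replace("\\\\", "\\").lower())
    return overrides, allowed

def triage(log, min_at_jobs=2):
    """Findings as dicts; min_at_jobs is this example's own threshold, not ComboFix's."""
    overrides, allowed = scan_registry(log)
    by_target = defaultdict(list)
    for name, target, attrs in parse_scheduled_tasks(log):
        by_target[target].append((name, attrs))
    findings = [{"type": "security_center_override", "key": k, "value": v}
                for k, v in overrides]
    for target, jobs in by_target.items():
        at_jobs = [n for n, _ in jobs if AT_JOB_RE.match(n)]
        if len(at_jobs) >= min_at_jobs:
            findings.append({"type": "at_job_cluster", "target": target, "jobs": len(at_jobs),
                             "target_missing": all(a == "" for _, a in jobs),
                             "firewall_allowed": target in allowed})
    return findings
```

Run against a full ComboFix log, the same grouping shows the 48 At jobs of the log above collapsing to two targets, one of which is also whitelisted in the firewall.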

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:46 PM

Posted 16 November 2008 - 05:17 PM

You are welcome :thumbsup:
==============
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    c:\windows\system32\fuzenofo.dll
    c:\windows\system32\jotogeni.dll
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    c:\windows\system32\gulobimu.exe
    c:\windows\system32\vesix.sys
    c:\windows\system32\yqerevek.db
    c:\windows\system32\gevinyrage._dl
    c:\windows\system32\bimycuzi.dat
    c:\windows\yradinyfer.bat
    c:\documents and settings\All Users\Application Data\hogaxil.dll
    c:\documents and settings\All Users\Application Data\tyruw.scr
    c:\documents and settings\All Users\Application Data\xiwesazaza.pif
    c:\windows\system32\pebacafyr.db
    c:\windows\ixesagy._sy
    c:\documents and settings\All Users\Application Data\zegyvesuto.bat
    c:\program files\Common Files\ycafu.bin
    c:\documents and settings\Max Power\.housecall6.6
    c:\windows\yqiwuqygo.sys
    c:\windows\meralut.com
    c:\windows\lulowovo.sys
    c:\program files\Common Files\wanewa.vbs
    c:\documents and settings\All Users\Application Data\tyxul.bin
    c:\windows\system32\hexexaler.exe
    c:\documents and settings\Tara\Application Data\uxulymexer.reg
    c:\documents and settings\All Users\Application Data\qyqu.reg
    c:\windows\system32\igedoce.bat
    c:\windows\system32\som8oTyv.exe
    C:\windows\system32\jotogeni.dll.vir
    c:\windows\system32\pivumuwe.dll
    c:\windows\system32\defohesi.dll
    c:\windows\system32\kesekepe.dll
    c:\program files\Common Files\ipib.ban
    c:\windows\system32\higalepo.dll
    c:\windows\system32\rahehuvo.dll
    c:\program files\Common Files\etetoteb.lib
    c:\windows\system32\pivumuwe.dll
    c:\windows\system32\ewumuvip.ini 
    
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Wlcgdaj"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "c094ad07"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\som8oTyv.exe"=-
    
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:
  • OTMoveIt log
  • Malwarebytes log
  • New RSIT log

Edited by kahdah, 16 November 2008 - 05:18 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
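An added triage script, not part of this thread and not a tool from any of the programs named in it, that does mechanically what a helper does by eye on the RSIT/HijackThis log the topic starter posts in reply #7: it flags AppInit_DLLs entries, extra LSA notification packages, Run values under the LOCAL SERVICE / NETWORK SERVICE hives, nameless or file-less BHOs and toolbars, piles of at.exe-style At*.job tasks, and lists the configured DNS servers for the owner to confirm with their ISP. The sample lines are copied from that log (plus two benign Run values); the stock notification-package names, the service-account SIDs, the severity labels and the random-name heuristic are my assumptions, not anything the thread states.

```python
"""Triage an RSIT / HijackThis-style log for the persistence points seen in this thread.

Added example for this page, not a tool from the thread.  The rules encode the
checks a helper makes by eye: AppInit_DLLs, LSA notification packages, Run values
under service-account hives, nameless BHOs/toolbars, At*.job tasks and DNS servers.
"""
import re

# Assumptions, not facts from the page: stock XP-era LSA notification packages and the
# service-account SIDs that no legitimate installer gives a Run value.
LSA_KNOWN = {"scecli", "rassfm", "kdcsvc"}
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}
# Heuristic only: Vundo-style file names are 7-10 lowercase letters with no digits.
RANDOM_NAME = re.compile(r"[\\/]([a-z]{7,10})\.(?:dll|exe)\b")

# Constructed sample: lines copied from the RSIT log in reply #7, plus two benign
# Run values so the allowlisting is exercised.
SAMPLE_LOG = r"""
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {c4961c38-b939-4af4-8f8c-8908176705e3} - C:\WINDOWS\system32\fegopuyi.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'NETWORK SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O20 - AppInit_DLLs: c:\windows\system32\jotogeni.dll,C:\WINDOWS\system32\fuzenofo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fuzenofo.dll

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\WebReg 20040828011535.job
"""


def _add(findings, severity, rule, evidence):
    findings.append({"severity": severity, "rule": rule, "evidence": evidence})


def triage_log(text):
    """Return a list of {severity, rule, evidence} dicts, one per suspicious item."""
    findings = []
    section = None
    at_jobs = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line closes an RSIT registry-dump section
            continue
        if line.startswith("[HKEY_"):
            section = line.strip("[]").lower()
            continue
        if section is not None and section.endswith(r"\control\lsa"):
            # RSIT prints "notification packages"=<first value> and then one bare
            # path per extra value; anything outside the stock set is an LSA hook.
            value = line.split("=", 1)[1] if line.startswith('"') else line
            if value.strip().lower() not in LSA_KNOWN:
                _add(findings, "HIGH", "LSA notification package", value.strip())
            continue
        if re.search(r"[\\/]tasks[\\/]At\d+\.job$", line, re.I):
            at_jobs += 1  # at.exe jobs; the OTMoveIt log in this thread removed 48 of them
            continue
        m = re.match(r"O(\d+) - (.*)", line)
        if not m:
            continue
        kind, rest = m.groups()
        if kind == "2" and ("(no name)" in rest or "(file missing)" in rest):
            _add(findings, "MEDIUM", "BHO with no name or missing file", rest)
        elif kind == "3" and "(no file)" in rest:
            _add(findings, "MEDIUM", "Toolbar entry with no file", rest)
        elif kind == "4":
            sid = re.search(r"HKUS\\(S-1-5-\d+)\\", rest)
            if sid and sid.group(1) in SERVICE_SIDS:
                _add(findings, "HIGH", "Run value under a service-account hive", rest)
            elif "rundll32" in rest.lower() and RANDOM_NAME.search(rest):
                _add(findings, "MEDIUM", "Rundll32 loading a random-looking DLL", rest)
        elif kind == "17":
            ips = re.search(r"NameServer = (.+)$", rest)
            if ips:
                _add(findings, "INFO", "DNS servers to confirm with the ISP", ips.group(1))
        elif kind == "20":
            # AppInit_DLLs is loaded into every process that links user32.dll, which is
            # why the DLLs keep reappearing after a scan removes only the visible files.
            for dll in rest.split(":", 1)[1].split(","):
                if dll.strip():
                    _add(findings, "HIGH", "AppInit_DLLs entry", dll.strip())
    if at_jobs:
        _add(findings, "MEDIUM", "at.exe scheduled tasks", f"{at_jobs} At*.job file(s)")
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'HIGH': 5, 'MEDIUM': 3, 'INFO': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['rule']}: {f['evidence']}")
```

Run on the sample it reports five HIGH items: the two service-account Run values, the two AppInit_DLLs entries and the extra LSA notification package, and fuzenofo.dll shows up in two of them, which is the point: a file registered in both AppInit_DLLs and Lsa\Notification Packages is reloaded by winlogon and every GUI process, so deleting it without clearing both values is what makes Malwarebytes "find it again hours later". The DNS line is reported as INFO only because the script cannot know which resolvers the ISP hands out; that is a manual check.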

#7 kennethlindley

kennethlindley
  • Topic Starter

  • Members
  • 6 posts

Posted 16 November 2008 - 06:11 PM

Here is the OTMoveIt log file:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\fuzenofo.dll
c:\windows\system32\fuzenofo.dll NOT unregistered.
c:\windows\system32\fuzenofo.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\jotogeni.dll
c:\windows\system32\jotogeni.dll NOT unregistered.
c:\windows\system32\jotogeni.dll moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
c:\windows\system32\gulobimu.exe moved successfully.
c:\windows\system32\vesix.sys moved successfully.
c:\windows\system32\yqerevek.db moved successfully.
c:\windows\system32\gevinyrage._dl moved successfully.
c:\windows\system32\bimycuzi.dat moved successfully.
c:\windows\yradinyfer.bat moved successfully.
LoadLibrary failed for c:\documents and settings\All Users\Application Data\hogaxil.dll
c:\documents and settings\All Users\Application Data\hogaxil.dll NOT unregistered.
c:\documents and settings\All Users\Application Data\hogaxil.dll moved successfully.
c:\documents and settings\All Users\Application Data\tyruw.scr moved successfully.
c:\documents and settings\All Users\Application Data\xiwesazaza.pif moved successfully.
c:\windows\system32\pebacafyr.db moved successfully.
c:\windows\ixesagy._sy moved successfully.
c:\documents and settings\All Users\Application Data\zegyvesuto.bat moved successfully.
c:\program files\Common Files\ycafu.bin moved successfully.
c:\documents and settings\Max Power\.housecall6.6\Update\AU_Cache\housecall65.trendmicro.com moved successfully.
c:\documents and settings\Max Power\.housecall6.6\Update\AU_Cache moved successfully.
c:\documents and settings\Max Power\.housecall6.6\Update moved successfully.
c:\documents and settings\Max Power\.housecall6.6\Quarantine moved successfully.
c:\documents and settings\Max Power\.housecall6.6\Pattern moved successfully.
c:\documents and settings\Max Power\.housecall6.6\log moved successfully.
c:\documents and settings\Max Power\.housecall6.6\Licences moved successfully.
c:\documents and settings\Max Power\.housecall6.6\jars moved successfully.
c:\documents and settings\Max Power\.housecall6.6\AU_Temp moved successfully.
c:\documents and settings\Max Power\.housecall6.6\AU_Log moved successfully.
c:\documents and settings\Max Power\.housecall6.6\AU_Backup\2\4 moved successfully.
c:\documents and settings\Max Power\.housecall6.6\AU_Backup\2 moved successfully.
c:\documents and settings\Max Power\.housecall6.6\AU_Backup moved successfully.
c:\documents and settings\Max Power\.housecall6.6 moved successfully.
c:\windows\yqiwuqygo.sys moved successfully.
c:\windows\meralut.com moved successfully.
c:\windows\lulowovo.sys moved successfully.
c:\program files\Common Files\wanewa.vbs moved successfully.
c:\documents and settings\All Users\Application Data\tyxul.bin moved successfully.
c:\windows\system32\hexexaler.exe moved successfully.
c:\documents and settings\Tara\Application Data\uxulymexer.reg moved successfully.
c:\documents and settings\All Users\Application Data\qyqu.reg moved successfully.
c:\windows\system32\igedoce.bat moved successfully.
c:\windows\system32\som8oTyv.exe moved successfully.
File/Folder C:\windows\system32\jotogeni.dll.vir not found.
File/Folder c:\windows\system32\pivumuwe.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\defohesi.dll
c:\windows\system32\defohesi.dll NOT unregistered.
c:\windows\system32\defohesi.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\kesekepe.dll
c:\windows\system32\kesekepe.dll NOT unregistered.
c:\windows\system32\kesekepe.dll moved successfully.
c:\program files\Common Files\ipib.ban moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\higalepo.dll
c:\windows\system32\higalepo.dll NOT unregistered.
c:\windows\system32\higalepo.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\rahehuvo.dll
c:\windows\system32\rahehuvo.dll NOT unregistered.
c:\windows\system32\rahehuvo.dll moved successfully.
c:\program files\Common Files\etetoteb.lib moved successfully.
File/Folder c:\windows\system32\pivumuwe.dll not found.
File/Folder c:\windows\system32\ewumuvip.ini not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Wlcgdaj deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\c094ad07 not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\som8oTyv.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\MAXPOW~1\LOCALS~1\Temp\~DF92B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MAXPOW~1\LOCALS~1\Temp\~DF92BC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11162008_174820

Files moved on Reboot...
File C:\DOCUME~1\MAXPOW~1\LOCALS~1\Temp\~DF92B7.tmp not found!
File C:\DOCUME~1\MAXPOW~1\LOCALS~1\Temp\~DF92BC.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Here is the Malwarebytes' log file:
Malwarebytes' Anti-Malware 1.30
Database version: 1402
Windows 5.1.2600 Service Pack 3

11/16/2008 6:08:40 PM
mbam-log-2008-11-16 (18-08-40).txt

Scan type: Quick Scan
Objects scanned: 54380
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmc3a79e9b (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\judevagope (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the latest RSIT log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Max Power at 2008-11-16 18:09:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (29%) free of 29 GB
Total RAM: 1015 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:41 PM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\apdproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Max Power\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Max Power.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://espn.go.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {c4961c38-b939-4af4-8f8c-8908176705e3} - C:\WINDOWS\system32\fegopuyi.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://s3.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://www.viidoo.tv/TVUAx.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://meijer.lifepics.com/net/Uploader/ImageUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://meijer.lifepics.com/net/Uploader/LPUploader41.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://unmcnotes02.unmc.edu/dwa7W.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbet...2ie06011811.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC18D94D-1007-448C-B708-BD9EC5E82638}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\jotogeni.dll,C:\WINDOWS\system32\fuzenofo.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8840 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1081998092.job
C:\WINDOWS\tasks\WebReg 20040828011535.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4961c38-b939-4af4-8f8c-8908176705e3}]
C:\WINDOWS\system32\fegopuyi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=E:\Program Files\apdproxy.exe [2005-09-09 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-16 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\jotogeni.dll,C:\WINDOWS\system32\fuzenofo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fuzenofo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"E:\Program Files\PhotoshopElementsFileAgent.exe"="E:\Program Files\PhotoshopElementsFileAgent.exe:*:Enabled:PhotoshopElementsFileAgent"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Documents and Settings\Max Power\Desktop\OTMoveIt3.exe"="C:\Documents and Settings\Max Power\Desktop\OTMoveIt3.exe:*:Enabled:OTMoveIt3"
"C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe"="C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe:*:Enabled:HDDCameraMonitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b823ec90-7fc2-11d9-9acf-806d6172696f}]
shell\AutoRun\command - D:\install.EXE id= ver=1.0.0.0


======List of files/folders created in the last 1 months======

2008-11-16 17:48:46 ----SHD---- C:\RECYCLER
2008-11-16 17:48:20 ----D---- C:\_OTMoveIt
2008-11-16 15:53:26 ----A---- C:\ComboFix.txt
2008-11-16 15:37:57 ----A---- C:\Boot.bak
2008-11-16 15:37:51 ----RASHD---- C:\cmdcons
2008-11-16 15:36:46 ----A---- C:\WINDOWS\zip.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\VFIND.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\SWSC.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\SWREG.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\sed.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\grep.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\fdsv.exe
2008-11-16 15:36:40 ----D---- C:\WINDOWS\ERDNT
2008-11-16 15:36:40 ----D---- C:\Qoobox
2008-11-16 13:12:27 ----D---- C:\rsit
2008-11-16 12:03:25 ----D---- C:\Program Files\Trend Micro
2008-11-16 12:00:11 ----HD---- C:\$AVG8.VAULT$
2008-11-16 11:54:25 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-16 11:54:14 ----D---- C:\Documents and Settings\Max Power\Application Data\AVGTOOLBAR
2008-11-16 11:53:58 ----D---- C:\Program Files\AVG
2008-11-16 11:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-14 22:02:04 ----D---- C:\WINDOWS\ERUNT
2008-11-14 22:01:27 ----D---- C:\SDFix
2008-11-14 21:59:39 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-09 11:14:03 ----A---- C:\WINDOWS\system32\cbb76979-.txt
2008-10-26 17:56:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-25 18:34:42 ----D---- C:\Documents and Settings\Max Power\Application Data\Malwarebytes
2008-10-25 18:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 18:34:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 18:22:53 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-25 14:41:03 ----D---- C:\Program Files\Citrix
2008-10-23 14:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-16 18:09:41 ----D---- C:\WINDOWS\Temp
2008-11-16 18:00:34 ----D---- C:\WINDOWS\Prefetch
2008-11-16 17:55:35 ----D---- C:\WINDOWS\system32
2008-11-16 17:55:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-16 17:50:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-16 17:48:36 ----D---- C:\Program Files\Common Files
2008-11-16 17:48:34 ----D---- C:\WINDOWS
2008-11-16 17:48:21 ----SD---- C:\WINDOWS\Tasks
2008-11-16 16:16:17 ----D---- C:\WINDOWS\system32\drivers
2008-11-16 15:53:17 ----HD---- C:\WINDOWS\inf
2008-11-16 15:52:34 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 15:52:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-16 15:44:30 ----A---- C:\WINDOWS\system.ini
2008-11-16 15:42:29 ----D---- C:\WINDOWS\system32\config
2008-11-16 15:40:44 ----D---- C:\WINDOWS\AppPatch
2008-11-16 15:40:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-16 15:37:57 ----RASH---- C:\boot.ini
2008-11-16 15:25:02 ----D---- C:\unzipped
2008-11-16 12:20:34 ----D---- C:\Program Files\DIGStream
2008-11-16 12:03:25 ----RD---- C:\Program Files
2008-11-16 11:53:50 ----SHD---- C:\WINDOWS\Installer
2008-11-16 11:53:50 ----D---- C:\WINDOWS\WinSxS
2008-11-16 11:53:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-16 10:55:01 ----D---- C:\Program Files\Common Files\System
2008-11-16 10:50:39 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-11-15 19:19:20 ----D---- C:\WINDOWS\security
2008-11-15 18:12:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-15 18:12:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-15 15:13:42 ----A---- C:\WINDOWS\win.ini
2008-11-14 22:00:13 ----D---- C:\Documents and Settings
2008-11-11 13:23:59 ----D---- C:\WINDOWS\network diagnostic
2008-11-10 18:33:17 ----D---- C:\Program Files\Internet Explorer
2008-11-09 12:24:03 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-09 11:48:41 ----RSD---- C:\WINDOWS\assembly
2008-10-31 15:06:07 ----D---- C:\WINDOWS\Minidump
2008-10-30 15:15:44 ----D---- C:\WINDOWS\Help
2008-10-27 13:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-27 13:56:13 ----D---- C:\Program Files\NOS
2008-10-26 17:57:11 ----D---- C:\Program Files\Adobe
2008-10-26 17:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-26 17:55:47 ----D---- C:\Program Files\Common Files\Adobe
2008-10-25 14:16:59 ----D---- C:\Program Files\Common Files\DataViz
2008-10-25 14:15:18 ----D---- C:\Program Files\BookSmart

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-05-12 43672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-16 76040]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-17 30720]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-18 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-18 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-18 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-18 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-18 156604]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-18 195432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S2 F-SECURE AVP;F-SECURE AVP; \??\C:\Program Files\AntiViral Toolkit Pro\FSAVP.SYS []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
S3 EUSBMSD;eUSB SmartMedia Driver; C:\WINDOWS\System32\DRIVERS\EUSBMSD.SYS [2001-08-27 50528]
S3 F-SECURE Filter;F-SECURE Filter; \??\C:\Program Files\AntiViral Toolkit Pro\FSFILTER.SYS []
S3 F-SECURE Gatekeeper;F-SECURE Gatekeeper; \??\C:\Program Files\AntiViral Toolkit Pro\FSGK.SYS []
S3 F-SECURE Recognizer;F-SECURE Recognizer; \??\C:\Program Files\AntiViral Toolkit Pro\FSREC.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NdUsbMsn;ARESCOM USB Network Adapter; C:\WINDOWS\System32\DRIVERS\NdUsbMsn.sys [2001-10-21 18023]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-04 13056]
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-22 80896]
S3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-04 241664]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-06-04 16694]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; E:\Program Files\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-01-29 66872]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
Thanks again for your help. Hopefully everything is working.

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:46 PM

Posted 16 November 2008 - 06:56 PM

Please go to Start then Run then paste in this: C:\Program Files\Trend Micro\HijackThis\Max Power.exe then hit OK.
this will open Hijackthis.
Click on "Do a system scan only"
Then place a check mark next to these entries below:

O4 - HKUS\S-1-5-19\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'NETWORK SERVICE')
Now click on Fix Checked and then close Hijackthis.
=========
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    c:\windows\system32\jotogeni.dll
    C:\WINDOWS\system32\fuzenofo.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=hex(7):"scecli"
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4961c38-b939-4af4-8f8c-8908176705e3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
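Added example (not code from this thread, nor from HijackThis or OTMoveIt): a small Python parser for HijackThis O4 lines that flags the two traits of the entries asked to be fixed above, an autorun registered under the LOCAL SERVICE / NETWORK SERVICE hives and Rundll32 loading a system32 DLL with a machine-generated-looking name, and collects the flagged DLL paths for review. The sample lines are constructed from entries that appear in this thread; the name heuristic and its length threshold are assumptions.

```python
"""Flag suspicious HijackThis O4 autorun entries (added example, not a thread tool)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample in HijackThis O4 format: three benign entries plus the two
# service-account entries the helper asked to have fixed in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [judevagope] Rundll32.exe "C:\WINDOWS\system32\dijepahu.dll",s (User 'NETWORK SERVICE')
"""

# "O4 - <hive>\..\<key>: [<name>] <command>"; hive may be HKLM, HKCU or HKUS\<SID>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Trailing "(User 'NAME')" that HijackThis appends to HKUS entries
USER_SUFFIX_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)\s*$")
# rundll32[.exe] <dll>[,<export>] with optional quoting around the DLL path
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?', re.IGNORECASE)
# Run keys of the built-in service accounts: legitimate software almost never
# registers autoruns here, so anything present deserves a look.
SERVICE_HIVES = ("HKUS\\S-1-5-19", "HKUS\\S-1-5-20")
MIN_GENERATED_LEN = 6  # assumed threshold for the random-name heuristic


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    command: str
    user: Optional[str]
    raw: str


@dataclass
class Finding:
    entry: O4Entry
    dll: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one O4 line; return None for blank or non-O4 lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd, user = m.group("cmd"), None
    um = USER_SUFFIX_RE.search(cmd)
    if um:
        user = um.group("user")
        cmd = cmd[: um.start()]
    return O4Entry(m.group("hive"), m.group("key"), m.group("name"), cmd.strip(), user, line)


def looks_generated(stem: str) -> bool:
    """Heuristic: all-lowercase alphabetic nonsense names (e.g. dijepahu), as
    used by the droppers in this thread; vendor DLLs are usually mixed case."""
    return stem.isalpha() and stem.islower() and len(stem) >= MIN_GENERATED_LEN


def assess(entry: O4Entry):
    """Return (reasons, dll_path) for one parsed entry; empty reasons = nothing flagged."""
    reasons: List[str] = []
    if any(entry.hive.upper().startswith(h) for h in SERVICE_HIVES):
        reasons.append("Run entry registered under a service-account hive (LOCAL/NETWORK SERVICE)")
    dll = None
    rm = RUNDLL_RE.match(entry.command)
    if rm:
        dll = rm.group("dll")
        stem = dll.rsplit("\\", 1)[-1][:-4]  # basename without ".dll", original case
        if "\\system32\\" in dll.lower() and looks_generated(stem):
            reasons.append(f"rundll32 loads a system32 DLL with a machine-looking name: {stem}.dll")
    return reasons, dll


def scan_o4_lines(lines) -> List[Finding]:
    """Run the checks over raw log lines and keep only entries with at least one reason."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons, dll = assess(entry)
        if reasons:
            findings.append(Finding(entry, dll, reasons))
    return findings


def flagged_dlls(findings: List[Finding]) -> Set[str]:
    """Unique DLL paths behind the findings, i.e. the candidates to review before removal."""
    return {f.dll for f in findings if f.dll}


if __name__ == "__main__":
    for f in scan_o4_lines(SAMPLE_LOG.splitlines()):
        print(f"[{f.entry.name}] {f.entry.hive} (user={f.entry.user})")
        for r in f.reasons:
            print("   -", r)
    print("DLLs to review:", sorted(flagged_dlls(scan_o4_lines(SAMPLE_LOG.splitlines()))))
```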

#9 kennethlindley

kennethlindley
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:46 AM

Posted 16 November 2008 - 07:23 PM

Here is the OTMoveIt log:

========== FILES ==========
File/Folder c:\windows\system32\jotogeni.dll not found.
File/Folder C:\WINDOWS\system32\fuzenofo.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"notification packages"|hex(7):"scecli" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4961c38-b939-4af4-8f8c-8908176705e3}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11162008_191502
Thank you.

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:46 PM

Posted 17 November 2008 - 07:26 AM

Great! Can I see a new RSIT log, and let me know how things are running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#11 kennethlindley

kennethlindley
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:46 AM

Posted 18 November 2008 - 08:14 PM

Here is the latest RSIT log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Tara at 2008-11-18 20:11:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (10%) free of 29 GB
Total RAM: 1015 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:17 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Southwest Airlines\Ding\Ding.exe
E:\Program Files\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Citrix\ICA Client\wfica32.exe
C:\Documents and Settings\Max Power\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tara.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\NVHFFX0W\ATRANS~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\NVHFFX0W\MCFREE~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\07JZEO5T\HOVER_~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\6TWBYH4D\618951~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\M178L0ZA\RUNAPP~1.SH!
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://s3.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://www.viidoo.tv/TVUAx.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://meijer.lifepics.com/net/Uploader/ImageUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://meijer.lifepics.com/net/Uploader/LPUploader41.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://unmcnotes02.unmc.edu/dwa7W.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbet...2ie06011811.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...410/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC18D94D-1007-448C-B708-BD9EC5E82638}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFFD435-C521-44B4-A8A7-4A06AB390050}: NameServer = 206.141.195.204,206.141.192.60
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8645 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1081998092.job
C:\WINDOWS\tasks\WebReg 20040828011535.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"=E:\Program Files\apdproxy.exe [2005-09-09 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-16 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"McAfee QuickClean Imonitor"=C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"=C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE /q C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\NVHFFX0W\ATRANS~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\NVHFFX0W\MCFREE~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\07JZEO5T\HOVER_~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\6TWBYH4D\618951~1.SH! C:\DOCUME~1\Tara\LOCALS~1\TEMPOR~1\Content.IE5\M178L0ZA\RUNAPP~1.SH! []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Tara\Start Menu\Programs\Startup
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"E:\Program Files\PhotoshopElementsFileAgent.exe"="E:\Program Files\PhotoshopElementsFileAgent.exe:*:Enabled:PhotoshopElementsFileAgent"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Documents and Settings\Max Power\Desktop\OTMoveIt3.exe"="C:\Documents and Settings\Max Power\Desktop\OTMoveIt3.exe:*:Enabled:OTMoveIt3"
"C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe"="C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe:*:Enabled:HDDCameraMonitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{459852de-3590-11dd-9156-0008a179b18c}]
shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2008-11-17 10:48:57 ----D---- C:\Documents and Settings\Tara\Application Data\AVGTOOLBAR
2008-11-16 22:15:27 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-16 22:15:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-16 22:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 22:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-16 21:50:38 ----A---- C:\WINDOWS\system32\voltoCDX.dll
2008-11-16 21:50:38 ----A---- C:\WINDOWS\system32\SmartMenuXP.dll
2008-11-16 21:50:38 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-11-16 21:50:38 ----A---- C:\WINDOWS\system32\MP3EncX.dll
2008-11-16 21:50:38 ----A---- C:\WINDOWS\system32\DVDProX2.dll
2008-11-16 21:50:37 ----D---- C:\Program Files\Cheetah Burner
2008-11-16 21:50:05 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-16 17:48:46 ----SHD---- C:\RECYCLER
2008-11-16 17:48:20 ----D---- C:\_OTMoveIt
2008-11-16 15:53:26 ----A---- C:\ComboFix.txt
2008-11-16 15:37:57 ----A---- C:\Boot.bak
2008-11-16 15:37:51 ----RASHD---- C:\cmdcons
2008-11-16 15:36:46 ----A---- C:\WINDOWS\zip.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\VFIND.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\SWSC.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\SWREG.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\sed.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\grep.exe
2008-11-16 15:36:46 ----A---- C:\WINDOWS\fdsv.exe
2008-11-16 15:36:40 ----D---- C:\WINDOWS\ERDNT
2008-11-16 15:36:40 ----D---- C:\Qoobox
2008-11-16 13:12:27 ----D---- C:\rsit
2008-11-16 12:03:25 ----D---- C:\Program Files\Trend Micro
2008-11-16 12:00:11 ----HD---- C:\$AVG8.VAULT$
2008-11-16 11:54:25 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-16 11:53:58 ----D---- C:\Program Files\AVG
2008-11-16 11:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-15 19:22:34 ----D---- C:\Documents and Settings\Tara\Application Data\HouseCall 6.6
2008-11-14 22:02:04 ----D---- C:\WINDOWS\ERUNT
2008-11-14 22:01:27 ----D---- C:\SDFix
2008-11-14 21:59:39 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-11 19:33:59 ----D---- C:\Documents and Settings\Tara\Application Data\Malwarebytes
2008-11-09 11:14:03 ----A---- C:\WINDOWS\system32\cbb76979-.txt
2008-10-26 17:56:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-25 18:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 18:34:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 18:22:53 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-25 14:41:03 ----D---- C:\Program Files\Citrix
2008-10-23 14:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-18 20:11:17 ----D---- C:\WINDOWS\Temp
2008-11-18 19:21:39 ----D---- C:\WINDOWS\Prefetch
2008-11-18 15:32:11 ----D---- C:\WINDOWS\system32
2008-11-18 15:32:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-18 09:27:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-17 21:03:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-17 21:03:49 ----D---- C:\WINDOWS
2008-11-17 21:03:44 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-17 17:23:48 ----HD---- C:\WINDOWS\inf
2008-11-17 17:23:48 ----D---- C:\WINDOWS\Help
2008-11-16 22:16:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-16 22:15:23 ----D---- C:\WINDOWS\system32\drivers
2008-11-16 22:15:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-16 22:15:17 ----A---- C:\WINDOWS\imsins.BAK
2008-11-16 22:14:02 ----SHD---- C:\WINDOWS\Installer
2008-11-16 22:14:02 ----D---- C:\WINDOWS\WinSxS
2008-11-16 21:50:37 ----RD---- C:\Program Files
2008-11-16 21:50:37 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 21:50:05 ----D---- C:\Program Files\Common Files
2008-11-16 20:19:28 ----A---- C:\WINDOWS\win.ini
2008-11-16 17:48:21 ----SD---- C:\WINDOWS\Tasks
2008-11-16 15:44:30 ----A---- C:\WINDOWS\system.ini
2008-11-16 15:42:29 ----D---- C:\WINDOWS\system32\config
2008-11-16 15:40:44 ----D---- C:\WINDOWS\AppPatch
2008-11-16 15:40:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-16 15:37:57 ----RASH---- C:\boot.ini
2008-11-16 15:25:02 ----D---- C:\unzipped
2008-11-16 12:20:34 ----D---- C:\Program Files\DIGStream
2008-11-16 11:53:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-16 10:55:01 ----D---- C:\Program Files\Common Files\System
2008-11-16 10:50:39 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-11-15 19:19:20 ----D---- C:\WINDOWS\security
2008-11-14 22:00:13 ----D---- C:\Documents and Settings
2008-11-11 13:23:59 ----D---- C:\WINDOWS\network diagnostic
2008-11-10 18:33:17 ----D---- C:\Program Files\Internet Explorer
2008-11-09 12:24:03 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-09 11:48:41 ----RSD---- C:\WINDOWS\assembly
2008-10-31 15:06:07 ----D---- C:\WINDOWS\Minidump
2008-10-27 13:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-27 13:56:13 ----D---- C:\Program Files\NOS
2008-10-26 17:57:11 ----D---- C:\Program Files\Adobe
2008-10-26 17:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-26 17:55:47 ----D---- C:\Program Files\Common Files\Adobe
2008-10-25 14:16:59 ----D---- C:\Program Files\Common Files\DataViz
2008-10-25 14:15:18 ----D---- C:\Program Files\BookSmart

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-05-12 43672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-16 76040]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-17 30720]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-18 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-18 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-18 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-18 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-18 156604]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-18 195432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S2 F-SECURE AVP;F-SECURE AVP; \??\C:\Program Files\AntiViral Toolkit Pro\FSAVP.SYS []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
S3 EUSBMSD;eUSB SmartMedia Driver; C:\WINDOWS\System32\DRIVERS\EUSBMSD.SYS [2001-08-27 50528]
S3 F-SECURE Filter;F-SECURE Filter; \??\C:\Program Files\AntiViral Toolkit Pro\FSFILTER.SYS []
S3 F-SECURE Gatekeeper;F-SECURE Gatekeeper; \??\C:\Program Files\AntiViral Toolkit Pro\FSGK.SYS []
S3 F-SECURE Recognizer;F-SECURE Recognizer; \??\C:\Program Files\AntiViral Toolkit Pro\FSREC.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NdUsbMsn;ARESCOM USB Network Adapter; C:\WINDOWS\System32\DRIVERS\NdUsbMsn.sys [2001-10-21 18023]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-04 13056]
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-22 80896]
S3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-04 241664]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-06-04 16694]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; E:\Program Files\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-01-29 66872]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


Everything seems to be running well. I haven't had any new problems with popups, so it looks like you cured me! Thank you so much for all of your help--I'll definitely be donating to the fight against Malware.

By the way, how would you advise me to prevent this from happening in the future? I'm already very cautious about which websites I visit, what e-mails I open, and I never download executable files from the internet. Are there any further steps or programs you recommend to prevent this from happening again?

Thank you again.
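As an added example (not part of the thread and not one of the tools the helper uses), here is a small Python parser for the RSIT-style driver and service list in the log above; it flags entries marked Running whose bracketed file date/size is empty. My reading of the format, not stated in the thread, is that empty brackets mean the tool could not find the file on disk, so a running entry with `[]` is worth a second look. The sample lines are copied from the log above.

```python
"""Triage helper for RSIT-style "List of drivers/services" output."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shape: <R|S><0-4> <name>;<display name>; <path> [<date> <size>]
# A trailing "[]" carries no date/size at all.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"        # Running/Stopped + start type
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"     # service name; display name;
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"   # image path [date size]
)

@dataclass
class Entry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def file_missing(self) -> bool:
        # Assumption: empty brackets mean RSIT could not stat the file.
        return self.file_date is None

def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m["info"].split()
    path = m["path"]
    if path.startswith("\\??\\"):          # strip the NT object-manager prefix
        path = path[4:]
    return Entry(m["state"] == "R", int(m["start"]), m["name"], m["display"],
                 path, info[0] if info else None,
                 int(info[1]) if len(info) > 1 else None)

def triage(log: str) -> List[Entry]:
    """Return Running entries with no file info, sorted by name."""
    entries = [e for e in map(parse_line, log.splitlines()) if e]
    return sorted((e for e in entries if e.running and e.file_missing),
                  key=lambda e: e.name.lower())

SAMPLE = r"""
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-05-12 43672]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
S2 F-SECURE AVP;F-SECURE AVP; \??\C:\Program Files\AntiViral Toolkit Pro\FSAVP.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-01-29 66872]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name:10} start={e.start} {e.path}  <- running, no file info")
```

Stopped entries with empty brackets (the old F-SECURE and IntelIde registrations) are left out on purpose; they are leftovers to uninstall, not something currently loaded.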

#12 kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:46 PM

Posted 18 November 2008 - 08:30 PM

You are welcome :)
==============
Prevention steps are listed in my ending speech at the very bottom. :)
================
Cleanup:

Please download OTCleanIt from Here save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

