Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now

Featured Deal: Get 95% Off the Certified Information Systems Security Professional Training Course

Photo

POP UPS

Started by obiali1 , Dec 05 2008 02:17 AM

  • This topic is locked This topic is locked
7 replies to this topic

#1 obiali1

obiali1

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:06:32 PM

Posted 05 December 2008 - 02:17 AM

I have these pop ups and I dont know where they are coming from. Tried avg and it wont help. Here are my logs.

Logfile of random's system information tool 1.04 (written by random/random)
Run by onyeka okeke at 2008-12-04 07:28:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 16 GB (29%) free of 57 GB
Total RAM: 479 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:01 AM, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\onyeka okeke\Desktop\RSIT.exe
C:\Program Files\trend micro\onyeka okeke.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\ddcyxUOh.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {8F46C65E-1353-427A-A943-C6312A960069} - C:\WINDOWS\system32\rqRLfdEv.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: {648bfa9e-8747-ea89-6c34-7f893da6657b} - {b7566ad3-98f7-43c6-98ae-7478e9afb846} - C:\WINDOWS\system32\xathwp.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcyxUOh - ddcyxUOh.dll (file missing)
O20 - Winlogon Notify: __c002C754 - C:\WINDOWS\system32\__c002C754.dat (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - Unknown owner - C:\WINDOWS\System32\PackethSvc.exe (file missing)

--
End of file - 4912 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
C:\WINDOWS\system32\ddcyxUOh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-06-29 419096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F46C65E-1353-427A-A943-C6312A960069}]
C:\WINDOWS\system32\rqRLfdEv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-06 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7566ad3-98f7-43c6-98ae-7478e9afb846}]
C:\WINDOWS\system32\xathwp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-25 352256]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-06-29 1177368]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-20 65536]
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe [2006-12-25 6083072]
"Blaero Start Orb"=C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe [2006-07-30 575488]
"Styler"=C:\Program Files\Styler\Styler.exe [2006-05-03 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Google Update"=C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-25 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\Rar$EX00.750\VisualToolTip.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"msCMTSrvc"=3
"InCDsrv"=2
"Compaq_RBA"=2
"ERSvc"=2
"SCardSvr"=3
"gusvc"=2
"Fax"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcyxUOh]
ddcyxUOh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002C754]
C:\WINDOWS\system32\__c002C754.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{32341E7E-C319-46DE-91D0-E30BB1A3CABA}"=C:\WINDOWS\system32\ddcyxUOh.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\rqRLfdEv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"Wallpaper"=,ôªÈóªtÁ—|O[‘|@

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoThemesTab"=0
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE"="C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE:*:Disabled:NESTCL95"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a52b269-e427-11d9-80ee-806d6172696f}]
shell\play\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a86b0a7-7dda-11dd-8eb1-806d6172696f}]
shell\AutoRun\command - E:\Launch.exe


======List of files/folders created in the last 1 months======

2008-12-04 07:28:29 ----D---- C:\Program Files\trend micro
2008-12-04 07:28:11 ----D---- C:\rsit
2008-11-27 13:27:43 ----D---- C:\Program Files\Free PDF to Word Converter
2008-11-27 12:45:52 ----D---- C:\Program Files\QuickPDF to WORD
2008-11-26 15:28:22 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-12 06:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 06:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 23:41:23 ----D---- C:\9719dd7171f9eef0d206a22dbbf7ecae

======List of files/folders modified in the last 1 months======

2008-12-04 07:30:10 ----D---- C:\WINDOWS\temp
2008-12-04 07:28:29 ----AD---- C:\Program Files
2008-12-04 07:28:15 ----D---- C:\WINDOWS\Prefetch
2008-12-04 06:49:44 ----D---- C:\WINDOWS
2008-12-04 06:49:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 01:39:43 ----D---- C:\Program Files\Mozilla Firefox
2008-12-03 22:33:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-02 19:50:34 ----HD---- C:\Documents and Settings\onyeka okeke\Application Data\Move Networks
2008-11-30 17:54:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 21:31:10 ----D---- C:\Program Files\Veoh Networks
2008-11-28 04:08:54 ----HD---- C:\$AVG8.VAULT$
2008-11-27 19:03:29 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-11-27 18:13:41 ----A---- C:\WINDOWS\winpoint.ini
2008-11-27 15:32:35 ----D---- C:\WINDOWS\system32
2008-11-27 15:27:12 ----D---- C:\Program Files\Free PDF to Word Doc Converter
2008-11-26 15:28:22 ----HD---- C:\WINDOWS\inf
2008-11-26 15:28:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 15:28:06 ----D---- C:\Program Files\Google
2008-11-25 14:08:26 ----SHD---- C:\WINDOWS\Installer
2008-11-25 14:08:26 ----SHD---- C:\Config.Msi
2008-11-25 12:43:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 12:43:22 ----D---- C:\Program Files\Windows Media Player
2008-11-25 12:43:22 ----D---- C:\Program Files\Outlook Express
2008-11-25 00:03:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 22:28:36 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-20 13:39:32 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\U3
2008-11-15 17:07:40 ----SD---- C:\WINDOWS\Tasks
2008-11-14 13:30:40 ----D---- C:\WINDOWS\Help
2008-11-12 06:09:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 06:09:26 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 06:06:19 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-06-29 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-06-29 26184]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-24 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-29 28080]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2002-01-02 303171]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2002-01-02 124701]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2002-01-02 428431]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2002-01-02 212491]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-01-02 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2002-01-02 59663]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2002-01-02 541981]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-03-09 909501]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2005-07-05 20608]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2002-01-02 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-01-02 591520]
R3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [2005-08-02 278016]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-24 99568]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\181.tmp []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\C:\WINDOWS\System32\ZDBRGSYS.SYS []
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 282904]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe [2002-04-12 57344]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-03-09 61440]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-17 19456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S2 PackethSvc;Virtual NIC Service; C:\WINDOWS\System32\PackethSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S4 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe []
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-24 876656]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-05 66872]

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by onyeka okeke at 2008-12-04 07:28:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 16 GB (29%) free of 57 GB
Total RAM: 479 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:01 AM, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\onyeka okeke\Desktop\RSIT.exe
C:\Program Files\trend micro\onyeka okeke.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\ddcyxUOh.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {8F46C65E-1353-427A-A943-C6312A960069} - C:\WINDOWS\system32\rqRLfdEv.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: {648bfa9e-8747-ea89-6c34-7f893da6657b} - {b7566ad3-98f7-43c6-98ae-7478e9afb846} - C:\WINDOWS\system32\xathwp.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ddcyxUOh - ddcyxUOh.dll (file missing)
O20 - Winlogon Notify: __c002C754 - C:\WINDOWS\system32\__c002C754.dat (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - Unknown owner - C:\WINDOWS\System32\PackethSvc.exe (file missing)

--
End of file - 4912 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
C:\WINDOWS\system32\ddcyxUOh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-06-29 419096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F46C65E-1353-427A-A943-C6312A960069}]
C:\WINDOWS\system32\rqRLfdEv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-06 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7566ad3-98f7-43c6-98ae-7478e9afb846}]
C:\WINDOWS\system32\xathwp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-25 352256]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-06-29 1177368]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-20 65536]
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe [2006-12-25 6083072]
"Blaero Start Orb"=C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe [2006-07-30 575488]
"Styler"=C:\Program Files\Styler\Styler.exe [2006-05-03 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Google Update"=C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-25 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\Rar$EX00.750\VisualToolTip.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"msCMTSrvc"=3
"InCDsrv"=2
"Compaq_RBA"=2
"ERSvc"=2
"SCardSvr"=3
"gusvc"=2
"Fax"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcyxUOh]
ddcyxUOh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002C754]
C:\WINDOWS\system32\__c002C754.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{32341E7E-C319-46DE-91D0-E30BB1A3CABA}"=C:\WINDOWS\system32\ddcyxUOh.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\rqRLfdEv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"Wallpaper"=,ôªÈóªtÁ—|O[‘|@

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoThemesTab"=0
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE"="C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE:*:Disabled:NESTCL95"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a52b269-e427-11d9-80ee-806d6172696f}]
shell\play\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a86b0a7-7dda-11dd-8eb1-806d6172696f}]
shell\AutoRun\command - E:\Launch.exe


======List of files/folders created in the last 1 months======

2008-12-04 07:28:29 ----D---- C:\Program Files\trend micro
2008-12-04 07:28:11 ----D---- C:\rsit
2008-11-27 13:27:43 ----D---- C:\Program Files\Free PDF to Word Converter
2008-11-27 12:45:52 ----D---- C:\Program Files\QuickPDF to WORD
2008-11-26 15:28:22 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-12 06:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 06:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 23:41:23 ----D---- C:\9719dd7171f9eef0d206a22dbbf7ecae

======List of files/folders modified in the last 1 months======

2008-12-04 07:30:10 ----D---- C:\WINDOWS\temp
2008-12-04 07:28:29 ----AD---- C:\Program Files
2008-12-04 07:28:15 ----D---- C:\WINDOWS\Prefetch
2008-12-04 06:49:44 ----D---- C:\WINDOWS
2008-12-04 06:49:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 01:39:43 ----D---- C:\Program Files\Mozilla Firefox
2008-12-03 22:33:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-02 19:50:34 ----HD---- C:\Documents and Settings\onyeka okeke\Application Data\Move Networks
2008-11-30 17:54:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 21:31:10 ----D---- C:\Program Files\Veoh Networks
2008-11-28 04:08:54 ----HD---- C:\$AVG8.VAULT$
2008-11-27 19:03:29 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-11-27 18:13:41 ----A---- C:\WINDOWS\winpoint.ini
2008-11-27 15:32:35 ----D---- C:\WINDOWS\system32
2008-11-27 15:27:12 ----D---- C:\Program Files\Free PDF to Word Doc Converter
2008-11-26 15:28:22 ----HD---- C:\WINDOWS\inf
2008-11-26 15:28:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 15:28:06 ----D---- C:\Program Files\Google
2008-11-25 14:08:26 ----SHD---- C:\WINDOWS\Installer
2008-11-25 14:08:26 ----SHD---- C:\Config.Msi
2008-11-25 12:43:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 12:43:22 ----D---- C:\Program Files\Windows Media Player
2008-11-25 12:43:22 ----D---- C:\Program Files\Outlook Express
2008-11-25 00:03:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 22:28:36 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-20 13:39:32 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\U3
2008-11-15 17:07:40 ----SD---- C:\WINDOWS\Tasks
2008-11-14 13:30:40 ----D---- C:\WINDOWS\Help
2008-11-12 06:09:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 06:09:26 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 06:06:19 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-06-29 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-06-29 26184]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-24 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-29 28080]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2002-01-02 303171]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2002-01-02 124701]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2002-01-02 428431]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2002-01-02 212491]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-01-02 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2002-01-02 59663]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2002-01-02 541981]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-03-09 909501]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2005-07-05 20608]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2002-01-02 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-01-02 591520]
R3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [2005-08-02 278016]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-24 99568]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\181.tmp []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\C:\WINDOWS\System32\ZDBRGSYS.SYS []
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 282904]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe [2002-04-12 57344]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-03-09 61440]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-17 19456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S2 PackethSvc;Virtual NIC Service; C:\WINDOWS\System32\PackethSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S4 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe []
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-24 876656]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-05 66872]

-----------------EOF-----------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 04, 2008 16:03:39
Records in database: 1436568
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
H:\

Scan statistics:
Files scanned: 97611
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 07:17:40


File name / Threat name / Threats count
C:\i386\vimc.ex_ Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
C:\i386\vivp.ex_ Infected: Trojan-Spy.Win32.Agent.ehl 1
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe Infected: Trojan-Spy.Win32.Agent.ehl 1
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll Infected: not-a-virus:AdTool.Win32.Zango.aq 1
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
C:\WINDOWS\system32\vimc.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1

The selected area was scanned.

BC AdBot (Login to Remove)

 

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
    •  
  • Local time:07:32 AM

Posted 06 December 2008 - 04:10 PM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall




Post me these logs in your next reply..


1. SDFix
2. ComboFix
3. A fresh HijackThis log (after ComboFix step)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

#3 obiali1

obiali1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:06:32 PM

Posted 07 December 2008 - 06:17 PM

Here are the reports.


SDFix: Version 1.240
Run by onyeka okeke on Sun 12/07/2008 at 02:13 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\BDD0DD~1.EXE - Deleted
C:\WINDOWS\BDD0DD~1.EXE - Deleted
C:\Documents and Settings\onyeka okeke\Application Data\Install.dat - Deleted
C:\Program Files\SAV\sav0.dat - Deleted
C:\Program Files\SAV\sav1.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 14:28:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\onyeka okeke\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"="C:\\Documents and Settings\\onyeka okeke\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\\Documents and Settings\\onyeka okeke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\onyeka okeke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\onyeka okeke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\onyeka okeke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\\Documents and Settings\\onyeka okeke\\Desktop\\NES\\NES\\NESTCL95.EXE"="C:\\Documents and Settings\\onyeka okeke\\Desktop\\NES\\NES\\NESTCL95.EXE:*:Disabled:NESTCL95"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 23 Mar 1999 16,062 ..SHR --- "C:\LOGO.SYS"
Fri 22 Aug 2008 635,848 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Mon 9 May 2005 1,658,080 ..SH. --- "C:\Program Files\Messenger\Msmsgs.exe"
Sun 10 Jul 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 6 Oct 2008 25,600 ...H. --- "C:\Documents and Settings\onyeka okeke\My Documents\~WRL0996.tmp"
Fri 28 Nov 2008 26,624 ...H. --- "C:\Documents and Settings\onyeka okeke\My Documents\~WRL2872.tmp"
Wed 26 Nov 2008 7,829,056 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Mon 6 Oct 2008 54,272 ...H. --- "C:\Documents and Settings\onyeka okeke\Desktop\Whateva\~WRL0005.tmp"
Tue 4 Nov 2008 54,784 ...H. --- "C:\Documents and Settings\onyeka okeke\Desktop\Whateva\~WRL0411.tmp"
Sat 25 Aug 2007 45,814 ...H. --- "C:\Documents and Settings\onyeka okeke\My Documents\eFax Messenger 4.2\J2GPlus.exe-BarState"
Mon 27 Oct 2008 29,696 ...H. --- "C:\Documents and Settings\onyeka okeke\Application Data\Microsoft\Word\~WRL0002.tmp"
Mon 5 Mar 2007 41,472 ...H. --- "C:\Documents and Settings\onyeka okeke\Application Data\Microsoft\Word\~WRL3100.tmp"
Sun 28 Aug 2005 488 A.SH. --- "C:\Documents and Settings\onyeka okeke\My Documents\My Music\License Backup\drmv2key.bak"

Finished!

ComboFix 08-12-06.06 - onyeka okeke 2008-12-07 14:47:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -8:00]
Running from: c:\documents and settings\onyeka okeke\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest\Application Data\ShoppingReport
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Guest\Application Data\Zango
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\3893642.sdf
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\dynamic\ustat\36d1.dat
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\avatar.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\components.cdf
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\cursors.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\default.cdf
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\icons2.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\progress.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2reg.txt
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2reg.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
c:\documents and settings\Guest\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
c:\documents and settings\onyeka okeke\Application Data\WeatherDPA
c:\program files\SAV
c:\windows\BM33dae20f.txt
c:\windows\cookies.ini
c:\windows\system32\bmqpmbir.ini
c:\windows\system32\dudtwnrk.ini
c:\windows\system32\edwxvbbk.ini
c:\windows\system32\emqpiplk.ini
c:\windows\system32\fskoyknk.ini
c:\windows\system32\fyevgffl.ini
c:\windows\system32\hwtpvtjk.ini
c:\windows\system32\hwxqwytr.ini
c:\windows\system32\ifuxfywj.ini
c:\windows\system32\kjissodq.ini
c:\windows\system32\kviiwctu.ini
c:\windows\system32\lpkgommu.ini
c:\windows\system32\lxveccpw.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\okwgfgrg.ini
c:\windows\system32\omsuksin.ini
c:\windows\system32\uibnsmmc.ini
c:\windows\system32\vEdfLRqr.ini
c:\windows\system32\vEdfLRqr.ini2
c:\windows\system32\xcxrtgvk.ini
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_VFILT


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 14:11 . 2008-12-07 14:11 577,536 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-07 14:06 . 2008-12-07 14:06 <DIR> d-------- c:\windows\ERUNT
2008-12-07 13:54 . 2008-12-07 13:54 <DIR> d-------- c:\documents and settings\Administrator
2008-12-07 13:50 . 2008-12-07 14:32 <DIR> d-------- C:\SDFix
2008-12-06 21:58 . 2008-12-06 21:58 <DIR> d-------- c:\program files\iPod
2008-12-06 21:58 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-06 21:58 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-06 21:57 . 2008-12-06 22:54 <DIR> d-------- c:\program files\iTunes
2008-12-06 21:57 . 2008-12-06 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-06 21:56 . 2008-12-06 21:56 <DIR> d-------- c:\program files\Bonjour
2008-12-06 21:53 . 2008-12-06 21:55 <DIR> d-------- c:\program files\QuickTime
2008-12-06 21:51 . 2008-12-06 21:51 <DIR> d-------- c:\program files\Apple Software Update
2008-12-06 21:50 . 2008-12-06 21:57 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-06 21:50 . 2008-12-06 21:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-04 07:28 . 2008-12-04 07:30 <DIR> d-------- C:\rsit
2008-12-04 07:28 . 2008-12-04 07:30 <DIR> d-------- c:\program files\trend micro
2008-11-28 16:23 . 2008-11-28 16:23 <DIR> d-------- c:\documents and settings\onyeka okeke\kaylani
2008-11-27 13:27 . 2008-11-27 15:09 <DIR> d-------- c:\program files\Free PDF to Word Converter
2008-11-27 12:45 . 2008-11-27 12:45 <DIR> d-------- c:\program files\QuickPDF to WORD
2008-11-26 15:28 . 2008-11-26 15:28 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-17 12:04 . 2008-11-17 12:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-11 23:41 . 2008-11-11 23:41 <DIR> d-------- C:\9719dd7171f9eef0d206a22dbbf7ecae
2008-11-11 20:05 . 2008-10-24 03:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:03 . 2008-09-04 08:42 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 09:29 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-07 05:53 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 03:50 --------- d--h--w c:\documents and settings\onyeka okeke\Application Data\Move Networks
2008-11-29 05:31 --------- d-----w c:\program files\Veoh Networks
2008-11-27 23:27 --------- d-----w c:\program files\Free PDF to Word Doc Converter
2008-11-26 23:28 --------- d-----w c:\program files\Google
2008-11-20 21:39 --------- d-----w c:\documents and settings\onyeka okeke\Application Data\U3
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 07:02 --------- d-----w c:\program files\DivX
2008-10-22 13:01 --------- d-----w c:\program files\MSXML 4.0
2008-10-21 18:00 --------- d-----w c:\program files\Microsoft WSE
2008-10-21 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-27 04:35 796,672 -c--a-w c:\windows\GPInstall.exe
2008-09-17 18:44 34,264 -c--a-w c:\documents and settings\onyeka okeke\Application Data\GDIPFONTCACHEV1.DAT
2006-05-17 19:42 284 -c--a-w c:\documents and settings\onyeka okeke\Application Data\ViewerApp.dat
2005-07-18 21:48 784 -c--a-w c:\documents and settings\onyeka okeke\Application Data\mpauth.dat
2004-08-04 07:56 4,096 -csha-w c:\windows\system32\1112.dat
.

------- Sigcheck -------

2007-06-13 02:23 1423360 e4368d08c22012b357bef3ba239ac667 c:\windows\explorer.exe
2007-06-13 03:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2001-08-17 21:36 1000960 5a26fc6010886d25b3e412493dd95ed8 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-13 16:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 02:23 1033216 97bd6515465659ff8f3b7be375b2ea87 c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Google Update"="c:\documents and settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-05 133104]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-06-29 1177368]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"Vista Sidebar"="c:\program files\Vista Sidebar\sidebar.exe" [2006-12-25 6083072]
"Blaero Start Orb"="c:\program files\Blaero Start Orb\Blaero Start Orb.exe" [2006-07-30 575488]
"Styler"="c:\program files\Styler\Styler.exe" [2006-05-03 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-10-05 00:15 133104 c:\documents and settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-06-14 12:58 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-25 14:19 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"msCMTSrvc"=3 (0x3)
"InCDsrv"=2 (0x2)
"Compaq_RBA"=2 (0x2)
"ERSvc"=2 (0x2)
"SCardSvr"=3 (0x3)
"gusvc"=2 (0x2)
"Fax"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\onyeka okeke\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\onyeka okeke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\onyeka okeke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\onyeka okeke\\Desktop\\NES\\NES\\NESTCL95.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-29 96520]
R1 SAVRKBootTasks;Boot Tasks Driver;\??\c:\windows\system32\SAVRKBootTasks.sys [2007-09-12 18816]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 282904]
S2 PackethSvc;Virtual NIC Service;c:\windows\System32\PackethSvc.exe []
S3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys []
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\181.tmp []
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\c:\windows\System32\ZDBRGSYS.SYS [2005-11-21 19200]
S4 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a52b269-e427-11d9-80ee-806d6172696f}]
\shell\play\command - "c:\program files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"
.
Contents of the 'Scheduled Tasks' folder

2008-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-07 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 00:15]

2005-06-29 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-08-03 23:56]

2005-07-04 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-08-03 23:56]

2005-07-09 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-08-03 23:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8F46C65E-1353-427A-A943-C6312A960069} - c:\windows\system32\rqRLfdEv.dll
BHO-{b7566ad3-98f7-43c6-98ae-7478e9afb846} - c:\windows\system32\xathwp.dll
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
Notify-__c002C754 - c:\windows\system32\__c002C754.dat
MSConfigStartUp-VisualTooltip - c:\docume~1\ONYEKA~1\LOCALS~1\Temp\Rar$EX00.750\VisualToolTip.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\onyeka okeke\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - msn.com
FF -: plugin - c:\documents and settings\onyeka okeke\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF -: plugin - c:\documents and settings\onyeka okeke\Application Data\Mozilla\plugins\npgoogletalk.dll
FF -: plugin - c:\documents and settings\onyeka okeke\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa2.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 14:52:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\ONYEKA~1\LOCALS~1\Temp\DX9.tmp 466545 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\181.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\cscui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\ONYEKA~1\LOCALS~1\Temp\{6AF99B5F-C1B3-4EEC-841E-9C7F935BCAE1}\Blaero Start Orb.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\ONYEKA~1\LOCALS~1\Temp\{B75C5A5D-E355-4BD3-82B3-CF755B342EEA}\sidebar.exe
.
**************************************************************************
.
Completion time: 2008-12-07 14:59:54 - machine was rebooted [onyeka okeke]
ComboFix-quarantined-files.txt 2008-12-07 22:59:32
ComboFix2.txt 2007-05-12 15:05:21

Pre-Run: 18,307,436,544 bytes free
Post-Run: 18,249,097,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /noguiboot

368 --- E O F --- 2008-11-12 14:10:25

Logfile of random's system information tool 1.04 (written by random/random)
Run by onyeka okeke at 2008-12-07 15:15:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (30%) free of 57 GB
Total RAM: 479 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:06 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\{6AF99B5F-C1B3-4EEC-841E-9C7F935BCAE1}\Blaero Start Orb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\{B75C5A5D-E355-4BD3-82B3-CF755B342EEA}\sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\onyeka okeke\Desktop\RSIT.exe
C:\Program Files\trend micro\onyeka okeke.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - Unknown owner - C:\WINDOWS\System32\PackethSvc.exe (file missing)

--
End of file - 5455 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-06-29 419096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-06 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-25 352256]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-06-29 1177368]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-20 65536]
"Vista Sidebar"=C:\Program Files\Vista Sidebar\sidebar.exe [2006-12-25 6083072]
"Blaero Start Orb"=C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe [2006-07-30 575488]
"Styler"=C:\Program Files\Styler\Styler.exe [2006-05-03 307200]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Google Update"=C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-25 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"msCMTSrvc"=3
"InCDsrv"=2
"Compaq_RBA"=2
"ERSvc"=2
"SCardSvr"=3
"gusvc"=2
"Fax"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE"="C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE:*:Disabled:NESTCL95"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a52b269-e427-11d9-80ee-806d6172696f}]
shell\play\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"


======List of files/folders created in the last 1 months======

2008-12-07 15:00:02 ----D---- C:\WINDOWS\temp
2008-12-07 14:59:55 ----A---- C:\ComboFix.txt
2008-12-07 14:46:24 ----A---- C:\Boot.bak
2008-12-07 14:46:14 ----RASHD---- C:\cmdcons
2008-12-07 14:44:42 ----A---- C:\WINDOWS\zip.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\VFIND.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\SWSC.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\SWREG.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\sed.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\grep.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\fdsv.exe
2008-12-07 14:25:33 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\WinRAR
2008-12-07 14:06:25 ----D---- C:\WINDOWS\ERUNT
2008-12-07 13:53:54 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-07 13:50:29 ----D---- C:\SDFix
2008-12-06 21:58:47 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-06 21:58:00 ----D---- C:\Program Files\iPod
2008-12-06 21:57:44 ----D---- C:\Program Files\iTunes
2008-12-06 21:57:44 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-06 21:56:57 ----D---- C:\Program Files\Bonjour
2008-12-06 21:53:04 ----D---- C:\Program Files\QuickTime
2008-12-06 21:51:32 ----D---- C:\Program Files\Apple Software Update
2008-12-06 21:50:18 ----D---- C:\Program Files\Common Files\Apple
2008-12-06 21:50:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-04 07:28:29 ----D---- C:\Program Files\trend micro
2008-12-04 07:28:11 ----D---- C:\rsit
2008-11-27 13:27:43 ----D---- C:\Program Files\Free PDF to Word Converter
2008-11-27 12:45:52 ----D---- C:\Program Files\QuickPDF to WORD
2008-11-26 15:28:22 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-12 06:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 06:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 23:41:23 ----D---- C:\9719dd7171f9eef0d206a22dbbf7ecae

======List of files/folders modified in the last 1 months======

2008-12-07 15:08:02 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 15:00:05 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 15:00:05 ----D---- C:\WINDOWS\system32
2008-12-07 15:00:05 ----D---- C:\WINDOWS\Prefetch
2008-12-07 15:00:02 ----D---- C:\WINDOWS
2008-12-07 14:59:32 ----D---- C:\QooBox
2008-12-07 14:59:08 ----D---- C:\WINDOWS\erdnt
2008-12-07 14:58:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 14:52:27 ----A---- C:\WINDOWS\system.ini
2008-12-07 14:50:25 ----D---- C:\WINDOWS\system32\config
2008-12-07 14:49:04 ----D---- C:\WINDOWS\AppPatch
2008-12-07 14:49:04 ----D---- C:\Program Files\Common Files
2008-12-07 14:48:04 ----AD---- C:\Program Files
2008-12-07 14:46:24 ----RASH---- C:\boot.ini
2008-12-07 14:45:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 14:11:10 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-07 13:54:35 ----D---- C:\Documents and Settings
2008-12-07 04:13:07 ----HD---- C:\$AVG8.VAULT$
2008-12-07 01:29:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-06 21:59:38 ----SHD---- C:\WINDOWS\Installer
2008-12-06 21:59:37 ----SHD---- C:\Config.Msi
2008-12-06 21:58:53 ----HD---- C:\WINDOWS\inf
2008-12-06 21:58:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-06 21:53:01 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-06 21:52:14 ----SD---- C:\WINDOWS\Tasks
2008-12-04 21:36:15 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\Mozilla
2008-12-02 19:50:34 ----HD---- C:\Documents and Settings\onyeka okeke\Application Data\Move Networks
2008-11-28 21:31:10 ----D---- C:\Program Files\Veoh Networks
2008-11-27 19:03:29 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-11-27 18:13:41 ----A---- C:\WINDOWS\winpoint.ini
2008-11-27 15:27:12 ----D---- C:\Program Files\Free PDF to Word Doc Converter
2008-11-26 15:28:06 ----D---- C:\Program Files\Google
2008-11-25 12:43:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 12:43:22 ----D---- C:\Program Files\Windows Media Player
2008-11-25 12:43:22 ----D---- C:\Program Files\Outlook Express
2008-11-25 00:03:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-20 13:39:32 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\U3
2008-11-14 13:30:40 ----D---- C:\WINDOWS\Help
2008-11-12 06:09:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 06:09:26 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 06:06:19 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-06-29 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-06-29 26184]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-24 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-29 28080]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2002-01-02 303171]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2002-01-02 124701]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2002-01-02 428431]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2002-01-02 212491]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-01-02 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2002-01-02 59663]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2002-01-02 541981]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-03-09 909501]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2002-01-02 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-01-02 591520]
R3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [2005-08-02 278016]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-24 99568]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\181.tmp []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2005-07-05 20608]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\C:\WINDOWS\System32\ZDBRGSYS.SYS []
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 282904]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-03-09 61440]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-17 19456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe [2002-04-12 57344]
S2 PackethSvc;Virtual NIC Service; C:\WINDOWS\System32\PackethSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S4 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe []
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-24 876656]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-05 66872]

-----------------EOF-----------------

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
    •  
  • Local time:07:32 AM

Posted 07 December 2008 - 09:33 PM

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
explorer.exe

:services
MEMSWEEP2

:files
c:\windows\system32\181.tmp
c:\windows\system32\1112.dat

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. Malwarebytes'
3. RSIT log.txt
4. Tell me, how is the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

#5 obiali1

obiali1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:06:32 PM

Posted 08 December 2008 - 02:39 PM

here are the logs

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service MEMSWEEP2 stopped successfully.
Service MEMSWEEP2 deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\181.tmp not found.
c:\windows\system32\1112.dat moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_w0ymAobBZLfqbq6eSacL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLC6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLG9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\Perflib_Perfdata_c38.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\~DFFDCA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_211831

Files moved on Reboot...
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ not found!
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ-journal not found!
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_w0ymAobBZLfqbq6eSacL not found!
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLC6.tmp moved successfully.
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLG9.tmp moved successfully.
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\Perflib_Perfdata_c38.dat not found!
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\~DFFDCA.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\XUL.mfl moved successfully.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service MEMSWEEP2 stopped successfully.
Service MEMSWEEP2 deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\181.tmp not found.
c:\windows\system32\1112.dat moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_w0ymAobBZLfqbq6eSacL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLC6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLG9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\Perflib_Perfdata_c38.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\~DFFDCA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_211831

Files moved on Reboot...
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ not found!
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_0QLHrAToh1YCTro03gWQ-journal not found!
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\etilqs_w0ymAobBZLfqbq6eSacL not found!
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLC6.tmp moved successfully.
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\GLG9.tmp moved successfully.
File C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\Perflib_Perfdata_c38.dat not found!
C:\DOCUME~1\ONYEKA~1\LOCALS~1\Temp\~DFFDCA.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Mozilla\Firefox\Profiles\ncpaifih.default\XUL.mfl moved successfully.


Logfile of random's system information tool 1.04 (written by random/random)
Run by onyeka okeke at 2008-12-08 11:35:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 27 GB (48%) free of 57 GB
Total RAM: 479 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:18 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Vista Rainbar\launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\VISTAR~1\Rainbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\onyeka okeke\Desktop\SPYWARE TOOLS\RSIT.exe
C:\Program Files\trend micro\onyeka okeke.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - Unknown owner - C:\WINDOWS\System32\PackethSvc.exe (file missing)

--
End of file - 5481 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-06-29 419096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-06 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-25 352256]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-06-29 1177368]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-20 65536]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe -atboottime []
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe [2007-04-25 956928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Google Update"=C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-20 65536]
"Vista Rainbar"=C:\Program Files\Vista Rainbar\launcher.exe [2008-11-14 131778]
"ViStart"=C:\Program Files\ViStart\ViStart.exe [2008-11-12 602112]
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe [2007-04-25 956928]
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe [2008-11-14 69632]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-25 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"msCMTSrvc"=3
"InCDsrv"=2
"Compaq_RBA"=2
"ERSvc"=2
"SCardSvr"=3
"gusvc"=2
"Fax"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\Msmsgs.exe"="C:\Program Files\Messenger\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\onyeka okeke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\onyeka okeke\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE"="C:\Documents and Settings\onyeka okeke\Desktop\NES\NES\NESTCL95.EXE:*:Disabled:NESTCL95"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a52b269-e427-11d9-80ee-806d6172696f}]
shell\play\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"


======List of files/folders created in the last 1 months======

2008-12-07 21:30:32 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\Malwarebytes
2008-12-07 21:30:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-07 21:30:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-07 21:18:31 ----D---- C:\_OTMoveIt
2008-12-07 21:14:02 ----D---- C:\Program Files\ERUNT
2008-12-07 19:12:43 ----SHD---- C:\RECYCLER
2008-12-07 18:50:02 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\ViStart
2008-12-07 18:49:42 ----D---- C:\WINDOWS\system32\VIRepair
2008-12-07 18:42:03 ----A---- C:\WINDOWS\system32\viwc.exe
2008-12-07 18:42:02 ----D---- C:\Program Files\ViSplore
2008-12-07 18:41:59 ----D---- C:\Program Files\TrueTransparency
2008-12-07 18:41:58 ----D---- C:\Program Files\WinFlip
2008-12-07 18:41:57 ----D---- C:\Program Files\ViStart
2008-12-07 18:41:56 ----D---- C:\Program Files\VisualTooltip
2008-12-07 18:41:56 ----D---- C:\Program Files\ViOrb
2008-12-07 18:41:48 ----D---- C:\Program Files\Styler
2008-12-07 18:41:47 ----D---- C:\Program Files\Vista Rainbar
2008-12-07 18:41:46 ----D---- C:\Program Files\LClock
2008-12-07 18:41:45 ----D---- C:\Program Files\Vista Drive Icon
2008-12-07 18:41:44 ----A---- C:\WINDOWS\system32\vistaui.exe
2008-12-07 18:36:26 ----D---- C:\WINDOWS\system32\VITrans
2008-12-07 18:36:22 ----A---- C:\WINDOWS\system32\pskill.exe
2008-12-07 18:33:41 ----A---- C:\WINDOWS\system32\scrnrdr.exe
2008-12-07 15:00:02 ----D---- C:\WINDOWS\temp
2008-12-07 14:59:55 ----A---- C:\ComboFix.txt
2008-12-07 14:46:24 ----A---- C:\Boot.bak
2008-12-07 14:46:14 ----RASHD---- C:\cmdcons
2008-12-07 14:44:42 ----A---- C:\WINDOWS\zip.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\VFIND.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\SWSC.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\SWREG.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\sed.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\grep.exe
2008-12-07 14:44:42 ----A---- C:\WINDOWS\fdsv.exe
2008-12-07 14:25:33 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\WinRAR
2008-12-07 14:06:25 ----D---- C:\WINDOWS\ERUNT
2008-12-07 13:53:54 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-07 13:50:29 ----D---- C:\SDFix
2008-12-06 21:56:57 ----D---- C:\Program Files\Bonjour
2008-12-06 21:50:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-04 07:28:29 ----D---- C:\Program Files\trend micro
2008-12-04 07:28:11 ----D---- C:\rsit
2008-11-27 13:27:43 ----D---- C:\Program Files\Free PDF to Word Converter
2008-11-27 12:45:52 ----D---- C:\Program Files\QuickPDF to WORD
2008-11-26 15:28:22 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-12 06:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 06:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 23:41:23 ----D---- C:\9719dd7171f9eef0d206a22dbbf7ecae

======List of files/folders modified in the last 1 months======

2008-12-08 11:24:42 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 11:20:03 ----D---- C:\WINDOWS\Prefetch
2008-12-08 10:27:52 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 10:27:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 10:25:59 ----D---- C:\WINDOWS\system32
2008-12-08 10:25:59 ----D---- C:\WINDOWS
2008-12-08 09:11:11 ----AD---- C:\Program Files
2008-12-08 06:02:10 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-08 06:02:10 ----HD---- C:\WINDOWS\inf
2008-12-08 06:02:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 06:02:04 ----D---- C:\Program Files\Internet Explorer
2008-12-08 06:02:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-08 02:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-07 22:02:24 ----HD---- C:\$AVG8.VAULT$
2008-12-07 21:15:51 ----D---- C:\WINDOWS\erdnt
2008-12-07 20:12:27 ----HD---- C:\Documents and Settings\onyeka okeke\Application Data\Move Networks
2008-12-07 19:44:39 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-12-07 19:41:09 ----D---- C:\Temp
2008-12-07 19:40:23 ----D---- C:\My Downloads
2008-12-07 19:35:19 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-12-07 18:47:52 ----D---- C:\WINDOWS\system32\Restore
2008-12-07 18:47:52 ----D---- C:\VTPFiles
2008-12-07 18:47:52 ----D---- C:\Program Files\Windows Media Player
2008-12-07 18:47:51 ----D---- C:\Program Files\Outlook Express
2008-12-07 18:42:03 ----RSD---- C:\WINDOWS\Fonts
2008-12-07 18:41:44 ----D---- C:\WINDOWS\Cursors
2008-12-07 18:41:16 ----D---- C:\WINDOWS\Media
2008-12-07 17:25:32 ----SHD---- C:\WINDOWS\Installer
2008-12-07 17:25:27 ----SHD---- C:\Config.Msi
2008-12-07 17:25:08 ----D---- C:\Program Files\Common Files
2008-12-07 17:24:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-07 17:19:11 ----SD---- C:\WINDOWS\Tasks
2008-12-07 15:00:05 ----D---- C:\QooBox
2008-12-07 14:52:27 ----A---- C:\WINDOWS\system.ini
2008-12-07 14:50:25 ----D---- C:\WINDOWS\system32\config
2008-12-07 14:49:04 ----D---- C:\WINDOWS\AppPatch
2008-12-07 14:46:24 ----RASH---- C:\boot.ini
2008-12-07 13:54:35 ----D---- C:\Documents and Settings
2008-12-06 21:53:01 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-04 21:36:15 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\Mozilla
2008-11-28 21:31:10 ----D---- C:\Program Files\Veoh Networks
2008-11-27 18:13:41 ----A---- C:\WINDOWS\winpoint.ini
2008-11-27 15:27:12 ----D---- C:\Program Files\Free PDF to Word Doc Converter
2008-11-26 15:28:06 ----D---- C:\Program Files\Google
2008-11-25 00:03:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-20 13:39:32 ----D---- C:\Documents and Settings\onyeka okeke\Application Data\U3
2008-11-14 13:30:40 ----D---- C:\WINDOWS\Help
2008-11-12 06:09:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 06:09:26 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 06:06:19 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-06-29 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-06-29 26184]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-24 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-29 28080]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2002-01-02 303171]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2002-01-02 124701]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2002-01-02 428431]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2002-01-02 212491]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-01-02 33548]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2002-01-02 59663]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2002-01-02 541981]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-03-09 909501]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2002-01-02 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-01-02 591520]
R3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [2005-08-02 278016]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-24 99568]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2005-07-05 20608]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\C:\WINDOWS\System32\ZDBRGSYS.SYS []
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 282904]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-03-09 61440]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-17 19456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe [2002-04-12 57344]
S2 PackethSvc;Virtual NIC Service; C:\WINDOWS\System32\PackethSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S4 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe []
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-24 876656]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-05 66872]

-----------------EOF-----------------

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
    •  
  • Local time:07:32 AM

Posted 08 December 2008 - 02:56 PM

Err.. Where's Malwarebytes' log? You've posted OTMoveIt3 log twice.. Please open Malwarebytes' >> Go to "Logs" tab >> post the most recent log here..


How is the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

#7 obiali1

obiali1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:06:32 PM

Posted 08 December 2008 - 06:29 PM

Sorry, Here it is. And the system seems to be fine now. What do I do with the tools i downloaded. shld I stack em in a file for future use? Thanx a lot btw.

Malwarebytes' Anti-Malware 1.31
Database version: 1472
Windows 5.1.2600 Service Pack 2

12/8/2008 10:25:59 AM
mbam-log-2008-12-08 (10-25-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 125261
Time elapsed: 1 hour(s), 0 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a0899bf0-5f7f-4ad8-bb34-e7a7f8c02b63} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\BM33dae20f.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
    •  
  • Local time:07:32 AM

Posted 08 December 2008 - 10:00 PM

Everything looks good to me, lets do some clean-up...


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·