Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help: Darksma? Vundo? ... pop-ups on both browsers


  • This topic is locked This topic is locked
10 replies to this topic

#1 srs178

srs178

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 28 December 2008 - 07:16 PM

Greetings,

I'm hoping I can get some help. I seem to have picked up a some form of malware that continues to open web pages in both IE/Firefox. I run the Anti-spy tool in the Yahoo! toolbar and it continues to show 'Darksma'. Also, it seems to trigger the popups when I use the search boxes on either yahoo/google. I've run SUPERAntiSpyware and that found a few 'vundo like' items and removed them. However, I cannot seem to shake the pop-ups. Below is the latest HJT log from the latest version of HJT i downloaded. Any help would be appreciated!

~Steve

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:31 PM, on 12/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
D:\Program Files\Napster\napster.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Wootalyzer\woot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZinw12.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Smith\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {8f2b51cf-cb70-4c9f-be25-9454f893e840} - C:\WINDOWS\System32\yazeriza.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [9007450b] rundll32.exe "C:\WINDOWS\System32\jpinedms.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKCU\..\Run: [GetPack24] "C:\Program Files\GetPack\GetPack24.exe"
O4 - HKCU\..\Run: [kuzq] C:\PROGRA~1\COMMON~1\kuzq\kuzqm.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Tnnm] "C:\PROGRA~1\COMMON~1\WNSXS~1\lsass.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\komabagi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\komabagi.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - AppInit_DLLs: NVDESK32.DLL wklfnv.dll onzcse.dll fokwza.dll C:\WINDOWS\System32\sijorera.dll c:\windows\system32\kanelewu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: sSMfDSIb - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11871 bytes

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 05 January 2009 - 06:05 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 srs178

srs178
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 January 2009 - 10:22 PM

Thanks for your help. I have completed all the scans. The logs are attached below. Malwarebytes' asked for a reboot and since then pop-ups have disappeared.

Let me know what further things I may need to do. Again, thank you for your time!

~Steve

#4 srs178

srs178
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 January 2009 - 10:24 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1621
Windows 5.1.2600 Service Pack 1

1/5/2009 9:24:54 PM
mbam-log-2009-01-05 (21-24-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 249665
Time elapsed: 1 hour(s), 11 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 8
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 77

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kawoseso.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\labegefo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rerujito.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\riketuti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\watekese.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kagaloyu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\vidiyuyo.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\zijigegu.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f2b51cf-cb70-4c9f-be25-9454f893e840} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{abadc07c-9990-405a-aa24-2c209b50ae79} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{be379c85-6ad0-42fe-9b2d-a56baa7e31c6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d85e4fe0-b11e-47f0-a1cf-8f48e447dc9a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc6e3735-57b3-48b8-9002-54c155215632} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4a9967ab-4c5c-4325-b8c9-4f2be9142c81} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egmulhxk.msdn_hlp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Spruce (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f2b51cf-cb70-4c9f-be25-9454f893e840} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm93347697 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fohogitazu (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\rerujito.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\riketuti.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\kawoseso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\riketuti.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\kawoseso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rerujito.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\riketuti.dll -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Smith\Desktop\Internet Security Suite.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Smith\Desktop\Real Music Ringtones.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Smith\Local Settings\Temp\winM1rXTvYjfq5Yls.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Smith\Local Settings\Temp\winb6T9s1b.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Smith\Local Settings\Temporary Internet Files\Content.IE5\4T6J89YB\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Smith\Local Settings\Temporary Internet Files\Content.IE5\4T6J89YB\style[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Smith\Local Settings\Temporary Internet Files\Content.IE5\GXEJGH6N\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP234\A0011750.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP234\A0011838.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP269\A0013197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP269\A0013207.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP269\A0013208.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP269\A0013209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP273\A0013340.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP273\A0013341.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afumejer.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajepobes.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aleragam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bagenowu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bawegojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbmfldce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dimaliti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\enunolin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eseketaw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evatuyur.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fokwza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gewurumi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\habamuwo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hediwovi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hitewohe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hyawdnqo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifezuyuy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imuruweg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itilamid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivowideh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivutariz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kagaloyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kapidugo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kawoseso.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kolayela.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\labegefo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\magarela.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mebapiro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mipozefo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nilonune.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nupoyara.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuvefoho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogudipak.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohofevun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqndwayh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owumabah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pinabapu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pohigujo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pufikere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rejemufa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rerujito.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\riketuti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ruyutave.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sebopeja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchstb.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tepenune.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugelupiy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upabanip.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwonegab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vidomovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vopevade.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\walojele.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\watekese.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wizojeki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wklfnv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yipulegu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuyuzefi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ziratuvi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot.
c:\WINDOWS\system32\vidiyuyo.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\zijigegu.dll (Trojan.Vundo) -> Delete on reboot.

Edited by srs178, 05 January 2009 - 10:28 PM.


#5 srs178

srs178
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 January 2009 - 10:25 PM

GMER file attached...

Attached Files

  • Attached File  GMER.txt   13.87KB   1 downloads


#6 srs178

srs178
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 January 2009 - 10:29 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Smith at 2009-01-05 21:33:18
Microsoft Windows XP Professional Service Pack 1
System drive C: has 38 GB (49%) free of 76 GB
Total RAM: 1023 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:31 PM, on 1/5/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
D:\Program Files\Napster\napster.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\HPZinw12.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Smith\Desktop\RSIT.exe
C:\Documents and Settings\Smith\Desktop\Smith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - AppInit_DLLs: C:\WINDOWS\ c:\windows\ c:\windows\,C:\WINDOWS\
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: sSMfDSIb - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11243 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=NvQTwk []
"AdaptecDirectCD"=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-07-28 684032]
"EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-05-24 28672]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-07-25 180269]
"HGTXPEI"=C:\WINDOWS\EndInstall.exe []
"SoundFusion"=RunDll32 hercplgs.cpl []
"POEngine"=D:\Program Files\PokerOffice\POEngine.exe [2005-07-13 18944]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NapsterShell"=D:\Program Files\Napster\napster.exe [2008-05-29 323216]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"VF0060 STISvc"=C:\WINDOWS\system32\V0060Pin.dll [2004-10-31 36864]
"hp Update 3300C"=C:\sj650\hpupdate.exe [2002-01-31 32768]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-11-14 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"RealPlayer"=C:\Program Files\Real\RealOne Player\realplay.exe [2006-06-10 1003520]
"AnyDVD"=D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-08-01 2161600]
"tunebite.exe"=D:\Program Files\tunebite\tunebite.exe [2006-02-15 350720]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\Money Express.exe [2000-07-19 176178]
"Wootalyzer"=C:\Program Files\Wootalyzer\woot.exe [2008-06-27 392192]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-28 1809648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6wIP]
C:\Documents and Settings\Smith\Application Data\Microsoft\Windows\kjhsjl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\Smith\Application Data\SpeedRunner\SpeedRunner.exe []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Smith\Start Menu\Programs\Startup
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\ c:\windows\ c:\windows\,C:\WINDOWS\ "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sSMfDSIb]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=D:\IAccess\Qualcomm\Eudora\EuShlExt.dll [2001-04-12 77824]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-01-31 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\rQhIXQIA

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-05 21:33:18 ----D---- C:\rsit
2009-01-05 19:57:23 ----D---- C:\Documents and Settings\Smith\Application Data\Malwarebytes
2009-01-05 19:57:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 19:57:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-31 04:49:16 ----SH---- C:\WINDOWS\System32\alerugom.ini
2008-12-30 16:49:09 ----SH---- C:\WINDOWS\System32\iyugopog.ini
2008-12-01 07:39:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
2008-11-27 10:59:33 ----D---- C:\VundoFix Backups
2008-11-27 10:59:33 ----A---- C:\VundoFix.txt
2008-11-21 16:47:56 ----A---- C:\WINDOWS\System32\DivXsm.exe
2008-11-21 16:47:52 ----A---- C:\WINDOWS\System32\qt-dx331.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\System32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\System32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\System32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\System32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\System32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\System32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\System32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\System32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\System32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\System32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\System32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\System32\dpu10.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\System32\divx_xx11.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\System32\divx_xx0c.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\System32\divx_xx0a.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\System32\divx_xx07.dll
2008-11-21 16:45:06 ----A---- C:\WINDOWS\System32\DivX.dll
2008-11-21 16:44:38 ----A---- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
2008-11-21 16:44:16 ----A---- C:\WINDOWS\System32\DivXWMPExtType.dll
2008-11-20 20:40:09 ----D---- C:\Program Files\Common Files\Scanner
2008-11-20 20:39:23 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-11-15 00:06:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-14 23:57:47 ----SH---- C:\WINDOWS\System32\smdenipj.ini
2008-11-14 20:15:52 ----D---- C:\WINDOWS\??sks
2008-11-13 19:24:59 ----D---- C:\Documents and Settings\Smith\Application Data\A?pPatch
2008-11-12 23:50:45 ----SH---- C:\WINDOWS\System32\xuxnrlcd.ini
2008-11-12 23:48:17 ----A---- C:\WINDOWS\System32\9b248175-.txt
2008-11-12 23:47:42 ----ASH---- C:\WINDOWS\System32\AIQXIhQr.ini2
2008-11-12 23:47:42 ----ASH---- C:\WINDOWS\System32\AIQXIhQr.ini
2008-11-11 19:55:46 ----D---- C:\Program Files\F?nts
2008-11-10 20:14:34 ----D---- C:\WINDOWS\?icrosoft.NET
2008-11-09 11:46:09 ----D---- C:\WINDOWS\System32\?racle
2008-11-09 11:45:37 ----D---- C:\Program Files\Common Files\W?nSxS
2008-11-09 11:40:33 ----SHD---- C:\WINDOWS\c3JzMTc4
2008-11-09 11:35:34 ----D---- C:\WINDOWS\kuzq
2008-11-09 11:35:34 ----D---- C:\Program Files\Common Files\kuzq
17576-30713-30709 35386:30709:16 ----ASH---- C:\WINDOWS\System32\rosipeti.dll
17576-30713-30709 35386:30709:16 ----ASH---- C:\WINDOWS\System32\nopayopa.dll
17576-30713-30709 35386:30709:16 ----ASH---- C:\WINDOWS\System32\merahuro.dll

======List of files/folders modified in the last 3 months======

2009-01-05 21:33:22 ----D---- C:\WINDOWS\Prefetch
2009-01-05 21:31:32 ----AD---- C:\WINDOWS
2009-01-05 21:28:21 ----D---- C:\WINDOWS\Debug
2009-01-05 21:27:38 ----AD---- C:\WINDOWS\system32
2009-01-05 21:27:36 ----D---- C:\WINDOWS\System32\drivers
2009-01-05 21:26:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 19:57:03 ----RD---- C:\Program Files
2009-01-05 17:51:04 ----A---- C:\WINDOWS\wininit.ini
2009-01-02 12:19:50 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-01 11:58:14 ----D---- C:\WINDOWS\System32\CatRoot2
2008-12-31 21:15:46 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-30 15:48:48 ----ASH---- C:\WINDOWS\System32\gobifose.dll
2008-12-29 15:48:42 ----ASH---- C:\WINDOWS\System32\fatalofi.dll
2008-12-29 14:48:38 ----ASH---- C:\WINDOWS\System32\safiwido.dll
2008-12-29 14:48:38 ----ASH---- C:\WINDOWS\System32\kufenako.dll
2008-12-28 16:32:23 ----D---- C:\Documents and Settings\Smith\Application Data\tunebite
2008-12-28 14:48:38 ----ASH---- C:\WINDOWS\System32\yosimanu.dll
2008-12-19 22:17:28 ----D---- C:\Program Files\DivX
2008-12-01 07:40:28 ----D---- C:\Program Files\AIM6
2008-12-01 07:39:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-12-01 07:38:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-11-27 11:37:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-23 19:37:52 ----D---- C:\My Music
2008-11-20 20:40:09 ----D---- C:\Program Files\Common Files
2008-11-17 18:44:50 ----D---- C:\WINDOWS\TEMP
2008-11-15 07:31:09 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-15 07:29:55 ----HD---- C:\Config.Msi
2008-11-15 00:07:09 ----SHD---- C:\WINDOWS\Installer
2008-11-15 00:07:03 ----D---- C:\Documents and Settings\Smith\Application Data\SUPERAntiSpyware.com
2008-11-14 21:17:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-12 23:47:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-11-12 23:43:19 ----SH---- C:\boot.ini
2008-11-12 23:43:19 ----A---- C:\WINDOWS\win.ini
2008-11-12 23:43:19 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-06-20 9072]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-06-20 9200]
R1 cdudf_XP;cdudf_XP; C:\WINDOWS\System32\drivers\cdudf_XP.sys [2002-07-28 237568]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 pwd_2K;pwd_2K; C:\WINDOWS\System32\drivers\pwd_2K.sys [2002-07-28 127738]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2002-07-28 206336]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-05-04 3033]
R2 NAVAPEL;NAVAPEL; \??\D:\Program Files\NavNT\NAVAPEL.SYS []
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Converter\vstor2-p2v30.sys []
R2 WBHWDOCT;WBHWDOCT; C:\WINDOWS\System32\drivers\WBHWDOCT.sys [2001-06-15 5006]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-01 99648]
R3 cwcspud;Crystal SoundFusion™ Driver; C:\WINDOWS\system32\drivers\cwcspud.sys [2001-10-12 144176]
R3 cwcwdm;Crystal SoundFusion™ WDM Driver; C:\WINDOWS\system32\drivers\cwcwdm.sys [2001-10-12 553616]
R3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2002-07-28 25290]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-05-21 5846]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-05-21 68886]
R3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2002-07-28 30086]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-09-27 905129]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2001-08-23 13952]
S3 catchme;catchme; \??\C:\DOCUME~1\Smith\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2003-02-17 16384]
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\System32\DRIVERS\GcKernel.sys [2002-08-29 54144]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2002-05-21 52166]
S3 lgatbus;LG USB Composite Device driver (WDM); C:\WINDOWS\System32\DRIVERS\lgatbus.sys [2006-05-20 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers; C:\WINDOWS\System32\DRIVERS\lgatmdm.sys [2006-05-20 77104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2003-02-17 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-02-17 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-02-17 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-02-17 14976]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgUsbDiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 V0060VID;Creative WebCam Live! Ultra; C:\WINDOWS\System32\DRIVERS\V0060Vid.sys [2005-02-02 196409]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-01-31 312880]
R2 CPDNService;CPDNService; D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE [2004-02-09 65536]
R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\System32\E_S00RP1.EXE [2002-06-30 62464]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2001-09-27 57344]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2006-03-02 69632]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\System32\SAgent4.exe [2002-12-10 122880]
R2 TimeSync;TimeSync; C:\WINDOWS\SYSTEM32\timesync.exe [2002-10-16 278528]
R2 ufad-p2v;VMware Converter Service; C:\Program Files\VMware\VMware Converter\vmware-ufad.exe [2008-04-29 186928]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 DefWatch;DefWatch; D:\Program Files\NavNT\defwatch.exe [2001-09-24 32768]
S4 Norton AntiVirus Server;Norton AntiVirus Client; D:\Program Files\NavNT\rtvscan.exe [2001-09-24 454656]

-----------------EOF-----------------

Edited by srs178, 05 January 2009 - 10:31 PM.


#7 srs178

srs178
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 January 2009 - 10:32 PM

info.txt logfile of random's system information tool 1.05 2009-01-05 21:33:34

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
-->D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Action Replay XBOX 1.42-->"D:\Program Files\Datel\Action Replay XBOX\unins000.exe"
Ad-aware 6 Personal-->D:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnyDVD-->"D:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="D:\Program Files\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
AVG Anti-Spyware 7.5-->D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVI/MPEG/RM/WMV Joiner 4.82-->"D:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AXIS Media Control-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
BetGameDay Casino-->"D:\Program Files\BetGameDay Casino\Install.exe" -u
BitLord 1.1-->D:\Program Files\BitLord\uninst.exe
BitPim 1.0.5-->"D:\Program Files\BitPim\unins000.exe"
BugOff 1.10-->C:\DOCUME~1\Smith\LOCALS~1\Temp\BugOff.exe /uninstall
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Climate Prediction-->D:\PROGRA~1\CLIMAT~1\execs\UNWISE.EXE D:\PROGRA~1\CLIMAT~1\execs\INSTALL.LOG
CloneDVD2-->"D:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="D:\Program Files\Elaborate Bytes\CloneDVD2"
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Ultra Driver (1.01.03.0127)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0060.uns -unsext NT -plugin V0060Pin.dll -pluginres CtCamPin.crl -filelog
Creative WebCam Live! Ultra User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Ultra\Creative WebCam Live! Ultra User's Guide\English\CTManual.isu"
Data Lifeguard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DIRECTV GameTracker-->"D:\Program Files\DIRECTV GameTracker\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
FCE Ultra-->D:\FCE Ultra\uninst.exe
Game Theater™ XP 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{915BDF9B-F5F5-433D-B857-490EE2D259D7}\Setup.exe"
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Hardware Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E524C61-42EC-11D5-98E1-0050BA0133AC}\Setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes-->MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Kaspersky Online Scanner-->C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kazaa Lite v2.1.0 [K++ Edition] [build 3]-->"D:\Kazaa Lite\unins000.exe"
LG GSM PC Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3231D52-F193-4F30-A4D6-0A621E740FFF}\setup.exe"
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LiveUpdate 1.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.61 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Madden NFL 2004-->D:\Program Files\EASports\Madden2004\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2001-->MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Movie Joiner-->D:\Program Files\Movie Joiner\uninst.exe -c
Mozilla Firefox (2.0.0.20)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Namer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44342DA1-A636-400D-8E3D-51B7238DEDC4}\Setup.exe" -l0x9
MSN Add-in for Windows Messenger-->rundll32.exe "C:\Program Files\Messenger\MSGSC.dll",UnregisterMSNExt
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MusicMatch Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
myfantasyleague.com Game Day 2008-->"C:\Program Files\myfantasyleague\unins000.exe"
MySQL Server 4.1-->MsiExec.exe /I{9A527766-AF63-46B4-AC86-6C32C756C620}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall ExtraUninstallID=""
NHL 2001-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBA471C0-5EF2-11D4-0091-A500A0245DC0}\setup.exe" -l0x9 Uninstall
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Outlook Express Q823353-->C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
PartyPoker-->"d:\program files\PartyGaming\PartyPoker\Uninstall.exe" "d:\program files\PartyGaming\PartyPoker\install.log"
Pdf995-->C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995-->C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
PokerOffice (remove only)-->"D:\Program Files\PokerOffice\uninstall.exe"
QuickTime-->MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905495)-->"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TaxCut Premium 2006-->C:\PROGRA~1\TaxCut06\Program\removetc.exe
tunebite 2.2.0.3-->"D:\Program Files\tunebite\unins000.exe"
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update for Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
VMware Converter Agent-->MsiExec.exe /I{3D2EFD43-D3AE-421A-8677-B341F826F605}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707-IE6SP1-20040929.091901$\spuninst\spuninst.exe
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB840987-->C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->"C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe"
Windows XP Hotfix - KB887822-->C:\WINDOWS\$NtUninstallKB887822$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892944-->"C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Hotfix - KB896688-->"C:\WINDOWS\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
Windows XP Hotfix - KB896727-->"C:\WINDOWS\$NtUninstallKB896727-IE6SP1-20050719.165959$\spuninst\spuninst.exe"
Windows XP Hotfix - KB905915-->"C:\WINDOWS\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe"
Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329441-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wootalyzer!-->C:\Program Files\Wootalyzer\Uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\System32\xvid-uninstall.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~2.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
yEnc32 (remove only)-->"D:\Program Files\yEnc32\uninstall.exe"

=====HijackThis Backups=====

O20 - AppInit_DLLs: NVDESK32.DLL wklfnv.dll onzcse.dll fokwza.dll c:\windows\system32\kanelewu.dll C:\WINDOWS\System32\gitoreda.dll c:\windows\system32\vidiyuyo.dll c:\windows\system32\zijigegu.dll
O4 - HKLM\..\Run: [CPM93347697] Rundll32.exe "c:\windows\system32\vidiyuyo.dll",a
O4 - HKLM\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s
O4 - HKUS\S-1-5-19\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [9007450b] rundll32.exe "C:\WINDOWS\System32\jpinedms.dll",b
O4 - HKUS\S-1-5-20\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s (User 'NETWORK SERVICE')
O2 - BHO: (no name) - {8f2b51cf-cb70-4c9f-be25-9454f893e840} - C:\WINDOWS\System32\wuyojeva.dll
O4 - HKLM\..\Run: [CPM93347697] Rundll32.exe "c:\windows\system32\vidiyuyo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s (User 'LOCAL SERVICE')
O2 - BHO: (no name) - {8f2b51cf-cb70-4c9f-be25-9454f893e840} - C:\WINDOWS\System32\wuyojeva.dll
O4 - HKLM\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s
O4 - HKUS\S-1-5-20\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s (User 'NETWORK SERVICE')
O2 - BHO: (no name) - {8f2b51cf-cb70-4c9f-be25-9454f893e840} - C:\WINDOWS\System32\wuyojeva.dll (file missing)
O4 - HKLM\..\Run: [CPM93347697] Rundll32.exe "c:\windows\system32\zijigegu.dll",a
O4 - HKUS\S-1-5-19\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [fohogitazu] Rundll32.exe "C:\WINDOWS\System32\tanudeke.dll",s

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

System event log

Computer Name: SRS178
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 218136
Source Name: Disk
Time Written: 20090104144829.000000-300
Event Type: warning
User:

Computer Name: SRS178
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 218135
Source Name: Disk
Time Written: 20090104144828.000000-300
Event Type: warning
User:

Computer Name: SRS178
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 218134
Source Name: Disk
Time Written: 20090104144827.000000-300
Event Type: warning
User:

Computer Name: SRS178
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 218133
Source Name: Disk
Time Written: 20090104144826.000000-300
Event Type: warning
User:

Computer Name: SRS178
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 218132
Source Name: Disk
Time Written: 20090104144825.000000-300
Event Type: warning
User:

Application event log

Computer Name: SRS178
Event Code: 1
Message: Could not resolve clock.cac.psu.edu. Error 11004 from gethostbyname.

Record Number: 222286
Source Name: TimeSync
Time Written: 20080126075026.000000-300
Event Type: error
User:

Computer Name: SRS178
Event Code: 1
Message: Could not resolve clock.cac.psu.edu. Error 11004 from gethostbyname.

Record Number: 222285
Source Name: TimeSync
Time Written: 20080126075026.000000-300
Event Type: error
User:

Computer Name: SRS178
Event Code: 1
Message: Could not resolve clock.cac.psu.edu. Error 11004 from gethostbyname.

Record Number: 222284
Source Name: TimeSync
Time Written: 20080126075026.000000-300
Event Type: error
User:

Computer Name: SRS178
Event Code: 2
Message:


Scan Complete: Viruses:0 Infected:0 Scanned:341080 Files/Folders/Drives Omitted:1236

Record Number: 222283
Source Name: Norton AntiVirus
Time Written: 20080126042249.000000-300
Event Type: information
User:

Computer Name: SRS178
Event Code: 6
Message:


Scan could not open file G:\My Music\The Smashing Pumpkins\Mellon Collie And The Infinite Sadness\The Smashing Pumpkins - Thirty-Three.wma [00000003]

Record Number: 222282
Source Name: Norton AntiVirus
Time Written: 20080126041858.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 06 January 2009 - 01:26 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 srs178

srs178
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 09 January 2009 - 07:18 AM

ComboFix 09-01-08.04 - Smith 2009-01-09 7:07:16.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.1023.479 [GMT -5:00]
Running from: c:\documents and settings\Smith\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Smith\Application Data\APPATC~1
c:\program files\Common Files\wnsxs~1
c:\program files\Common Files\wnsxs~1\W?nSxS\
c:\program files\fnts~1
c:\windows\icroso~1.net
c:\windows\sks~1
c:\windows\system32\AIQXIhQr.ini
c:\windows\system32\AIQXIhQr.ini2
c:\windows\system32\alerugom.ini
c:\windows\system32\fatalofi.dll
c:\windows\system32\gobifose.dll
c:\windows\system32\iyugopog.ini
c:\windows\system32\kufenako.dll
c:\windows\system32\merahuro.dll
c:\windows\system32\racle~1
c:\windows\system32\rosipeti.dll
c:\windows\system32\safiwido.dll
c:\windows\system32\smdenipj.ini
c:\windows\system32\tmp.reg
c:\windows\system32\xuxnrlcd.ini
c:\windows\system32\yosimanu.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-05 21:42 . 2009-01-05 22:01 250 --a------ c:\windows\gmer.ini
2009-01-05 21:33 . 2009-01-05 21:33 <DIR> d-------- C:\rsit
2009-01-05 19:57 . 2009-01-05 19:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 19:57 . 2009-01-05 19:57 <DIR> d-------- c:\documents and settings\Smith\Application Data\Malwarebytes
2009-01-05 19:57 . 2009-01-05 19:57 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-05 19:57 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 19:57 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 20:10 . 2008-12-15 20:10 1 --a------ c:\windows\system32\edl.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 02:15 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-28 21:32 --------- d-----w c:\documents and settings\Smith\Application Data\tunebite
2008-12-20 03:18 120 ----a-w C:\drmHeader.bin
2008-12-20 03:17 --------- d-----w c:\program files\DivX
2008-12-01 12:40 --------- d-----w c:\program files\AIM6
2008-12-01 12:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2008-12-01 12:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\acccore
2008-12-01 12:38 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-11-22 18:23 --------- d-----w c:\program files\CA Yahoo! Anti-Spy
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-21 01:40 --------- d-----w c:\program files\Common Files\Scanner
2008-11-15 05:07 --------- d-----w c:\documents and settings\Smith\Application Data\SUPERAntiSpyware.com
2008-11-15 05:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-15 02:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-13 04:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-11-09 16:37 --------- d-----w c:\program files\Common Files\kuzq
2007-07-08 12:34 25,032 ----a-w c:\documents and settings\Smith\Application Data\GDIPFONTCACHEV1.DAT
2002-06-21 16:37 61,440 ----a-w c:\program files\Registered.dll
2002-06-21 16:33 24,576 ----a-w c:\program files\EnDeCrypt.dll
2007-11-09 21:25 57,344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
1601-01-01 00:12 8,192 --sha-w c:\windows\system32\nopayopa.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-06-10 1003520]
"AnyDVD"="d:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-08-01 2161600]
"tunebite.exe"="d:\program files\tunebite\tunebite.exe" [2006-02-15 350720]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176178]
"Wootalyzer"="c:\program files\Wootalyzer\woot.exe" [2008-06-27 392192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-28 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-07-28 684032]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-24 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-07-25 180269]
"POEngine"="d:\program files\PokerOffice\POEngine.exe" [2005-07-13 18944]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NapsterShell"="d:\program files\Napster\napster.exe" [2008-05-29 323216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"hp Update 3300C"="c:\sj650\hpupdate.exe" [2002-01-31 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-14 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SoundFusion"="hercplgs.cpl" [2001-10-04 c:\windows\system32\hercplgs.cpl]
"VF0060 STISvc"="V0060Pin.dll" [2004-10-31 c:\windows\system32\V0060Pin.dll]

c:\documents and settings\Smith\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 2913584]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "d:\iaccess\Qualcomm\Eudora\EuShlExt.dll" [2001-04-12 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"msacm.msnaudio"= msnaudio.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"GetPack24"="c:\program files\GetPack\GetPack24.exe"
"kuzq"=c:\progra~1\COMMON~1\kuzq\kuzqm.exe
"Tnnm"="c:\progra~1\COMMON~1\WNSXS~1\lsass.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CPM93347697"=Rundll32.exe "c:\windows\system32\vidiyuyo.dll",a
"fohogitazu"=Rundll32.exe "c:\windows\System32\tanudeke.dll",s
"9007450b"=rundll32.exe "c:\windows\System32\jpinedms.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

R0 Hpt3xxNT;Hpt3xxNT;c:\windows\system32\drivers\Hpt3xxNT.sys [2004-11-19 41989]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
R4 CPDNService;CPDNService;d:\progra~1\CLIMAT~1\execs\CPDNSE~1.EXE [2004-05-07 65536]
R4 TimeSync;TimeSync;c:\windows\system32\timesync.exe [2002-10-16 278528]
R4 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [2008-04-29 186928]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-18 24652]
R4 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2008-04-29 19248]
S0 ElbyVCD;ElbyVCD;c:\windows\System32\DRIVERS\ElbyVCD.sys --> c:\windows\System32\DRIVERS\ElbyVCD.sys [?]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2006-12-06 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2006-12-06 77104]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2006-12-31 196409]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-01-28 11:43]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HGTXPEI - c:\windows\EndInstall.exe
Notify-!SASWinLogon - (no file)
Notify-sSMfDSIb - (no file)
MSConfigStartUp-SfKg6wIP - c:\documents and settings\Smith\Application Data\Microsoft\Windows\kjhsjl.exe
MSConfigStartUp-SpeedRunner - c:\documents and settings\Smith\Application Data\SpeedRunner\SpeedRunner.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Download by NetAnts
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download &All by NetAnts
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\System32\msvcrt.dll - c:\windows\System32\snbdpl1.dll
c:\windows\System32\snbd10dm.dll
c:\windows\System32\igsnrn22.dll
c:\windows\System32\igsnpb22.dll
c:\windows\System32\igsnol22.dll
c:\windows\System32\igsncm22.dll
c:\windows\System32\browser.exa
c:\windows\System32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.atlas.lsu.edu/acgm/acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\Smith\Application Data\Mozilla\Firefox\Profiles\i9sfqiwc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=slv5-ab-&p=
FF - component: c:\documents and settings\Smith\Application Data\Mozilla\Firefox\Profiles\i9sfqiwc.default\extensions\mgswrapper@microgaming.com\components\MGSHelper.dll
FF - component: d:\program files\Mozilla Firefox\components\srff.dll
FF - component: d:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 07:12:12
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\kanelewu.dll"
"ThreadingModel"="Both"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\System32\ODBC32.dll
c:\windows\System32\NavLogon.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\MSVCRT40.dll
c:\windows\system32\MSVCIRT.dll
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\progra~1\CLIMAT~1\execs\Client Interface.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\wdfmgr.exe
d:\progra~1\CLIMAT~1\execs\Model.exe
c:\windows\system32\rundll32.exe
d:\program files\PokerOffice\bin\javaw.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Office\Office10\MSOFFICE.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\HPZinw12.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Completion time: 2009-01-09 7:15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-09 12:15:38

Pre-Run: 40,601,636,864 bytes free
Post-Run: 40,977,317,888 bytes free

winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

244


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:19 AM, on 1/9/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
D:\PROGRA~1\CLIMAT~1\execs\Model.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Napster\napster.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\PokerOffice\bin\javaw.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\HPZinw12.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Smith\Desktop\HiJackThis.exe
D:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Wootalyzer] C:\Program Files\Wootalyzer\woot.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11182 bytes

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 10 January 2009 - 03:23 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::

File::
c:\windows\system32\nopayopa.dll
c:\windows\system32\vidiyuyo.dll
c:\windows\System32\tanudeke.dll
c:\windows\System32\jpinedms.dll
c:\windows\system32\kanelewu.dll

Folder::
c:\program files\Common Files\kuzq
c:\program files\GetPack

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 16 January 2009 - 04:16 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users