
Hopefully an easy one - just want a check please!


  • This topic is locked
6 replies to this topic

#1 Origami

Origami

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:40 AM

Posted 30 December 2008 - 10:25 PM

My other PC got infected yesterday (I've not connected it to the internet since) and had some trojans and other nasties on there. I've done what I hope is a thorough virus/trojan/ad scan with about seven different programs and they're coming up clean now, but I would really appreciate somebody casting an eye over this log just to make sure there's nothing left and it's safe for internet use again.

Thank you


DDS (Version 1.1.0) - NTFSx86
Run by mini motto at 3:14:11.40 on 31/12/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.894.499 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Documents and Settings\mini motto\Desktop\dds.scr
C:\Documents and Settings\mini motto\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=6&app=inclient&version=8.0.065.000&lang=en&locale=en-GB&date=-86400&link_id=9&dest=welcome&lic=j5hvqhisiu3s4he7bhx644bu4g0
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\minimo~1\applic~1\mozilla\firefox\profiles\kw0ppsly.default\
FF - prefs.js: browser.startup.homepage - www.ebay.co.uk
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

============= SERVICES / DRIVERS ===============

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-12-27 21656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-23 26824]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-25 353680]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-23 231704]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
R3 Com4QLBEx;Com4QLBEx;"c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe" [2008-11-30 193840]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-7-21 605696]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-6-21 56448]

=============== Created Last 30 ================

2008-12-31 03:02 <DIR> --d----- c:\program files\Trend Micro
2008-12-30 23:52 <DIR> --d----- c:\docume~1\minimo~1\applic~1\Malwarebytes
2008-12-30 23:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-30 23:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 23:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 23:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-30 06:10 <DIR> --d----- c:\program files\Lavasoft
2008-12-30 06:09 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-29 15:11 <DIR> --d----- c:\docume~1\minimo~1\applic~1\FALCOM
2008-12-29 15:10 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-12-29 15:05 <DIR> --d----- c:\docume~1\minimo~1\applic~1\DAEMON Tools Pro
2008-12-29 15:05 <DIR> --d----- c:\docume~1\minimo~1\applic~1\DAEMON Tools Lite
2008-12-29 13:09 <DIR> --d----- c:\documents and settings\mini motto\Bluetooth Software
2008-12-29 13:07 <DIR> --d----- c:\documents and settings\mini motto
2008-12-29 10:06 <DIR> --d----- c:\program files\SEGA
2008-12-28 16:38 163 a------- c:\windows\wininit.ini
2008-12-28 14:34 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-28 14:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eboostr
2008-12-27 14:09 <DIR> --d----- c:\windows\system32\appmgmt
2008-12-27 13:59 <DIR> --d----- c:\program files\VIA
2008-12-27 13:59 331,184 -------- c:\windows\system32\difxapi.dll
2008-12-27 13:58 21,656 a------- c:\windows\system32\drivers\xfilt.sys
2008-12-27 13:58 12,952 a------- c:\windows\system32\drivers\videX32.sys
2008-12-27 13:45 <DIR> --d----- c:\program files\Hp
2008-12-25 05:52 208,744 a------- c:\windows\system32\muweb.dll
2008-12-25 05:51 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-25 05:51 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-25 03:01 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-25 03:01 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-25 03:00 <DIR> --d----- c:\program files\iPod
2008-12-25 03:00 <DIR> --d----- c:\program files\iTunes
2008-12-25 03:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 02:58 <DIR> --d----- c:\program files\Bonjour
2008-12-24 15:27 <DIR> --d----- C:\FALCOM
2008-12-24 15:16 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-24 14:56 57,398 ac------ c:\windows\system32\dllcache\imjpdadm.exe
2008-12-24 14:09 162,850 ac------ c:\windows\system32\dllcache\c_10001.nls
2008-12-24 14:09 162,850 a------- c:\windows\system32\c_10001.nls
2008-12-23 14:34 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2008-12-23 14:34 28,288 a------- c:\windows\system32\xjis.nls
2008-12-23 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2008-12-23 13:52 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-23 13:43 805 a------- C:\rollback.ini
2008-12-23 12:17 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2008-12-23 12:17 8,192 a------- c:\windows\system32\kbdkor.dll
2008-12-23 12:17 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2008-12-23 12:17 8,704 a------- c:\windows\system32\kbdjpn.dll
2008-12-23 12:17 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2008-12-23 12:17 5,632 a------- c:\windows\system32\kbd103.dll
2008-12-23 12:17 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2008-12-23 12:17 6,144 a------- c:\windows\system32\kbd101c.dll
2008-12-23 12:17 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2008-12-23 12:17 6,144 a------- c:\windows\system32\kbd101b.dll
2008-12-23 12:17 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2008-12-23 12:17 6,144 a------- c:\windows\system32\kbd106.dll
2008-12-23 12:11 <DIR> --d----- c:\program files\CCleaner
2008-12-23 11:57 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-12-23 11:55 73,104 a------- c:\windows\zllsputility.exe
2008-12-23 11:49 <DIR> --d----- c:\windows\system32\ZoneLabs
2008-12-23 11:49 <DIR> --d----- c:\program files\Zone Labs
2008-12-23 11:49 348,370 a------- c:\windows\system32\vsconfig.xml
2008-12-23 11:46 <DIR> --d----- c:\windows\Internet Logs
2008-12-23 11:44 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-23 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-23 11:24 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-23 11:24 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-23 11:24 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-23 11:24 <DIR> --d----- c:\program files\AVG
2008-12-23 11:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-21 22:49 14 a------- c:\windows\system32\SysEngineDrive1.sys
2008-12-21 22:49 363,520 ac------ c:\windows\system32\dllcache\psisdecd.dll
2008-12-21 22:49 56,832 ac------ c:\windows\system32\dllcache\msdvbnp.ax
2008-12-21 22:49 33,280 ac------ c:\windows\system32\dllcache\psisrndr.ax
2008-12-21 22:49 1,645,320 a------- c:\windows\system32\gdiplus.dll
2008-12-21 22:49 363,520 a------- c:\windows\system32\psisdecd.dll
2008-12-21 22:49 56,832 a------- c:\windows\system32\msdvbnp.ax
2008-12-21 22:49 33,280 a------- c:\windows\system32\psisrndr.ax
2008-12-05 22:50 <DIR> --d----- c:\program files\common files\Real
2008-12-01 13:38 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-01 13:38 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-01 13:38 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-01 13:38 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-01 13:38 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-01 13:38 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-01 13:38 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-01 13:38 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-01 13:38 63,488 -c------ c:\windows\system32\dllcache\icardie.dll

==================== Find3M ====================

2008-12-01 00:15 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-30 22:56 1,391,104 a------- c:\windows\system32\drivers\BCMWL5.SYS
2008-11-30 22:56 87,280 a------- c:\windows\system32\bcmwlcoi.dll
2008-11-30 22:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-11-30 22:56 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-30 22:39 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-11-13 14:18 1,221,008 a------- c:\windows\system32\zpeng25.dll
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-09 11:33 309,800 a------- c:\windows\system32\vsnp2uvc.dll
2008-10-09 11:33 27,176 a------- c:\windows\snuvcdsm.exe
2008-10-09 11:29 186,920 a------- c:\windows\system32\rsnp2uvc.dll
2008-10-09 11:28 195,112 a------- c:\windows\system32\csnp2uvc.dll
2008-10-03 10:02 247,326 a------- c:\windows\system32\strmdll.dll

============= FINISH: 3:15:41.29 ===============



#2 Origami

Origami
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:40 AM

Posted 01 January 2009 - 09:30 AM

Sorry I just wanted to add -

I noticed this FF - component: c:\program files\mozilla firefox\components\iamfamous.dll was still turning up even though Malwarebytes claimed to have removed it (I also checked the folder itself and nothing was there, even with hidden/system files turned on), but I was not able to uninstall Firefox. So I rebooted in safe mode and deleted all Mozilla and Firefox entries that appeared in a full search, and this entry no longer pops up when I run dds.scr.

I have since run CCleaner, then AVG, Spybot, Malwarebytes Anti-Malware, Ad-Aware and Norman Malware Cleaner (all on full scans) and they are all coming up completely clean, but I would like confirmation that this is the same as being safe!

Edited by Origami, 01 January 2009 - 09:31 AM.


#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:40 AM

Posted 10 January 2009 - 12:13 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 Origami

Origami
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:40 AM

Posted 10 January 2009 - 12:38 PM

Thank you for your response, I will follow the steps given and post a fresh log as soon as I can (realistically, tomorrow morning).

#5 Origami

Origami
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:02:40 AM

Posted 10 January 2009 - 10:16 PM

Contents of the fresh log -

Logfile of random's system information tool 1.05 (written by random/random)
Run by mini motto at 2009-01-11 02:38:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 87 GB (76%) free of 114 GB
Total RAM: 1790 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:14:12, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mini motto\Desktop\RSIT.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Trend Micro\HijackThis\mini motto.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7384 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{62F21DF0-0AB7-4CF8-B375-FDC6E2DB34DB}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BDC28BA6-A69D-4D92-919C-07F139A93B1E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-23 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1028096]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1044480]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-03-24 884736]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2008-04-16 81920]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-09-30 200704]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-24 1261336]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-12-10 1230728]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-11 02:38:11 ----D---- C:\rsit
2009-01-05 05:58:01 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-05 05:57:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-05 05:57:33 ----D---- C:\Documents and Settings\mini motto\Application Data\Simply Super Software
2009-01-05 05:57:33 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-01-05 05:57:31 ----HD---- C:\WINDOWS\PIF
2009-01-05 05:54:34 ----D---- C:\Config.Msi
2009-01-03 03:58:28 ----D---- C:\Documents and Settings\mini motto\Application Data\Mozilla
2009-01-02 17:39:07 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 14:23:50 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-01-02 14:23:49 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-01-02 14:23:40 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-01-02 14:23:34 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-01-02 12:54:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-01 15:01:00 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-01-01 15:01:00 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-01-01 15:01:00 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-01-01 15:01:00 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-01-01 15:00:59 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-01-01 15:00:56 ----D---- C:\Program Files\Trojan Remover
2009-01-01 14:04:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 13:27:14 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-31 03:02:02 ----D---- C:\Program Files\Trend Micro
2008-12-30 23:52:51 ----D---- C:\Documents and Settings\mini motto\Application Data\Malwarebytes
2008-12-30 23:52:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-30 23:52:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-30 06:10:26 ----D---- C:\Program Files\Lavasoft
2008-12-30 06:10:23 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-30 06:09:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-30 03:14:18 ----D---- C:\Documents and Settings\mini motto\Application Data\WinRAR
2008-12-29 15:11:31 ----D---- C:\Documents and Settings\mini motto\Application Data\FALCOM
2008-12-29 15:10:12 ----D---- C:\Program Files\DAEMON Tools Lite
2008-12-29 15:05:02 ----D---- C:\Documents and Settings\mini motto\Application Data\DAEMON Tools Pro
2008-12-29 15:05:02 ----D---- C:\Documents and Settings\mini motto\Application Data\DAEMON Tools Lite
2008-12-29 15:05:02 ----D---- C:\Documents and Settings\mini motto\Application Data\DAEMON Tools
2008-12-29 13:45:21 ----D---- C:\Documents and Settings\mini motto\Application Data\Apple Computer
2008-12-29 13:41:09 ----D---- C:\Documents and Settings\mini motto\Application Data\Macromedia
2008-12-29 13:41:09 ----D---- C:\Documents and Settings\mini motto\Application Data\Adobe
2008-12-29 13:08:49 ----D---- C:\Documents and Settings\mini motto\Application Data\Identities
2008-12-29 13:07:49 ----ASH---- C:\Documents and Settings\mini motto\Application Data\desktop.ini
2008-12-29 13:07:48 ----SD---- C:\Documents and Settings\mini motto\Application Data\Microsoft
2008-12-29 10:06:27 ----D---- C:\Program Files\SEGA
2008-12-28 16:38:16 ----A---- C:\WINDOWS\wininit.ini
2008-12-28 14:34:37 ----HD---- C:\$AVG8.VAULT$
2008-12-28 14:15:16 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2008-12-27 14:09:18 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-27 13:59:32 ----N---- C:\WINDOWS\system32\difxapi.dll
2008-12-27 13:59:32 ----D---- C:\Program Files\VIA
2008-12-27 13:45:05 ----D---- C:\Program Files\Hp
2008-12-25 05:52:00 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-25 05:51:56 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-25 05:51:42 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-25 03:01:44 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-25 03:00:40 ----D---- C:\Program Files\iPod
2008-12-25 03:00:20 ----D---- C:\Program Files\iTunes
2008-12-25 03:00:20 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 02:58:27 ----D---- C:\Program Files\Bonjour
2008-12-25 02:55:02 ----D---- C:\Program Files\QuickTime
2008-12-25 02:55:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-25 02:54:04 ----D---- C:\Program Files\Apple Software Update
2008-12-25 02:53:01 ----D---- C:\Program Files\Common Files\Apple
2008-12-25 02:53:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-24 15:27:47 ----D---- C:\FALCOM
2008-12-24 15:16:31 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-24 15:15:50 ----D---- C:\Program Files\Windows Live
2008-12-24 15:15:29 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-24 14:57:42 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-12-24 14:57:42 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-12-24 14:57:42 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-12-24 14:57:41 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-12-24 14:57:18 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-12-24 14:57:06 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-12-24 14:57:06 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-12-24 14:57:06 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-12-24 14:56:49 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-12-23 14:30:19 ----D---- C:\Program Files\WinRAR
2008-12-23 14:01:11 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2008-12-23 13:43:24 ----N---- C:\rollback.ini
2008-12-23 12:17:36 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-23 12:17:33 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-23 12:17:31 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-23 12:17:29 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-23 12:17:21 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-23 12:17:10 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-23 12:11:45 ----D---- C:\Program Files\CCleaner
2008-12-23 11:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-12-23 11:55:55 ----A---- C:\WINDOWS\zllsputility.exe
2008-12-23 11:51:16 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-12-23 11:49:27 ----N---- C:\WINDOWS\system32\vsxml.dll
2008-12-23 11:49:19 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-23 11:49:19 ----D---- C:\Program Files\Zone Labs
2008-12-23 11:46:57 ----D---- C:\WINDOWS\Internet Logs
2008-12-23 11:44:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 11:44:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 11:24:36 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-23 11:24:07 ----D---- C:\Program Files\AVG
2008-12-23 11:24:07 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-21 22:49:44 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-12-21 22:49:44 ----A---- C:\WINDOWS\system32\gdiplus.dll

======List of files/folders modified in the last 1 months======

2009-01-11 03:14:12 ----D---- C:\WINDOWS\Temp
2009-01-11 03:13:50 ----D---- C:\WINDOWS\Prefetch
2009-01-08 17:28:46 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 09:17:27 ----D---- C:\WINDOWS
2009-01-06 07:41:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-06 07:40:54 ----HD---- C:\WINDOWS\inf
2009-01-06 07:39:34 ----D---- C:\WINDOWS\system32
2009-01-06 07:39:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 05:58:35 ----RD---- C:\Program Files
2009-01-05 05:56:19 ----SHD---- C:\WINDOWS\Installer
2009-01-02 17:46:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-01 13:57:12 ----SHD---- C:\RECYCLER
2009-01-01 13:53:04 ----D---- C:\Documents and Settings
2009-01-01 13:34:17 ----SHD---- C:\System Volume Information
2009-01-01 13:28:36 ----D---- C:\WINDOWS\repair
2009-01-01 13:28:30 ----D---- C:\WINDOWS\Registration
2009-01-01 13:27:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-01 13:15:40 ----D---- C:\WINDOWS\system32\Restore
2008-12-30 06:52:45 ----D---- C:\WINDOWS\Minidump
2008-12-30 06:52:45 ----D---- C:\WINDOWS\Debug
2008-12-30 06:09:46 ----D---- C:\Program Files\Common Files
2008-12-29 13:47:11 ----SD---- C:\WINDOWS\Tasks
2008-12-29 11:36:59 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-29 10:06:26 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-28 17:11:04 ----D---- C:\WINDOWS\Help
2008-12-27 14:02:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-27 13:59:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-27 13:43:21 ----D---- C:\swsetup
2008-12-25 03:01:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-24 15:18:56 ----D---- C:\WINDOWS\WinSxS
2008-12-24 15:06:46 ----A---- C:\WINDOWS\system.ini
2008-12-24 14:57:34 ----RSD---- C:\WINDOWS\Fonts
2008-12-23 13:24:20 ----D---- C:\WINDOWS\AppPatch
2008-12-23 10:57:35 ----D---- C:\Program Files\Common Files\Real
2008-12-21 22:51:04 ----D---- C:\Program Files\Internet Explorer
2008-12-21 22:42:43 ----D---- C:\WINDOWS\ie7updates
2008-12-21 22:42:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-23 26824]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 b57w2k;Broadcom NetLink ™ Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-11-29 163328]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-11-30 1391104]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-03 879624]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-04-03 74688]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2008-07-21 605696]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-10-09 1810856]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-01-18 220640]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 aolo7bby;aolo7bby; C:\WINDOWS\system32\drivers\aolo7bby.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2007-06-21 56448]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-23 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-03-31 264800]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Thank you
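The driver and service lists in the log above use the codes given in their section headers (R/S for running or stopped, 0-4 for the start type), and a few entries end in an empty "[]", which is what RSIT prints when it could not read a date or size for the file. The Python below is an added example, not part of the original post or of RSIT itself: it parses lines in that format and lists the entries with no file information so they can be looked at by hand. The sample lines are copied from the log above; the `Entry` class and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend from the RSIT section header: start-type digit -> meaning.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# Constructed sample input: six lines copied from the driver and service
# lists above (three of them carry the empty "[]" that RSIT prints when it
# could not read the file's date and size).
SAMPLE_LINES = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-23 97928]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S3 aolo7bby;aolo7bby; C:\WINDOWS\system32\drivers\aolo7bby.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
"""

# One RSIT line: <R|S><start> <name>;<display name>; <path> [<date> <size>]
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")


@dataclass
class Entry:
    name: str
    display_name: str
    path: str
    running: bool
    start_type: int
    file_date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]        # None when RSIT printed "[]"


def parse_rsit_entries(text: str) -> List[Entry]:
    """Parse driver/service lines; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        file_date = size = None
        if info.strip():
            date_str, size_str = info.split()
            file_date, size = date_str, int(size_str)
        entries.append(Entry(name, display, path, state == "R", int(start), file_date, size))
    return entries


def entries_needing_review(entries: List[Entry]) -> List[Entry]:
    """Entries with no file date/size: the binary was missing or unreadable when RSIT ran."""
    return [e for e in entries if e.size is None]


def describe(e: Entry) -> str:
    """Expand the R/S and start-type codes into words for a human-readable summary."""
    state = "Running" if e.running else "Stopped"
    detail = "file info missing" if e.size is None else f"{e.file_date} {e.size} bytes"
    return f"{e.name}: {state}, start={START_TYPES[e.start_type]}, {detail}"


if __name__ == "__main__":
    parsed = parse_rsit_entries(SAMPLE_LINES)
    for e in entries_needing_review(parsed):
        print(describe(e), "->", e.path)
```

An empty "[]" only means the file could not be read at scan time; a driver whose binary was already removed by a cleanup tool looks exactly the same as one that never existed, so the list is a starting point for checking each path on disk, not a verdict.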

#6 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 11 January 2009 - 05:36 PM

I do not see any obvious signs of malware. Let's do some general cleaning.

Step 1

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

The entry below indicates that you have LinkScanner installed on your computer.

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dlll

WebmasterWorld says:
LinkScanner was withdrawn because it was a security risk for AVG users.

I recommend that you remove "AVG V8" and reload it without the website scanner. Please download AVG Free. Please see this thread regarding LinkScanner Concerns AVG Stops Real-Time Scanning.

On July 5, 2008 Peter Cameron, a managing director of AVG for Australia and New Zealand, said that the AVG free edition is already fixed, and a new commercial version will be released on July 9. He pointed to a new version of free AVG 8 (build 138, July 4) that "addressed and rectified the issue," and also said that the old version of free AVG 8 was currently getting auto-updated with the new code, but that this usually takes a few days to propagate to the users.

Step 3

In Normal Mode, run an online malware check from at least two and preferably three (one may catch something that another one may not) of the following sites:
BitDefender
Computer Associates Online Virus Scan
Kaspersky Online Virus Scanner
McAfee FreeScan
Panda's ActiveScan
Trend Micro™ HouseCall
Windows Live Safety Center Free Online Scan
WindowSecurity.com TrojanScan
When you have completed the scans, if you get a report of files that cannot be cleaned / deleted, make a note of the file location of anything that cannot be cleaned / deleted. Please edit the log(s) and remove:
  • items listed as "Object is locked skipped"
  • items reported that are in a quarantine folder
Please post the edited list in your next reply.

Step 4

I recommend using Spyware Blaster.
  • Please download SpywareBlaster and save it to your desktop.
  • Double click on it to install the program.
  • Follow the prompts and choose the default locations when installing the program.
  • When the program is installed, it will place an icon on your desktop.
  • Double click on the SpywareBlaster icon and you will be presented with a brief tutorial. On the first page of this tutorial, you will see some of the SpywareBlaster features
  • Click on the Next button to proceed to the second page of the tutorial.
  • If you want to purchase the software, then you should select Automatic Updating. If you do not plan on purchasing the software, then you should select the option for Manual Updating. Press the Next button.
  • At the next screen, click Finish.
  • At the next screen, Protection Status, click Enable All Protection.
  • Click Download Latest Protection Updates. This will ensure that SpywareBlaster has the latest definitions so that it can protect your browser more efficiently. You should update SpywareBlaster regularly, as much as every few days, in order to provide the best protection. Each time you update, be sure to click Enable All Protection.
Step 5

  • Please download SUPERAntiSpyware (SAS) - SUPERAntiSpyware Free Version For Home Users
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure the following are checked:
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose Copy.
    • Click Close and Close again to exit the program.
  • Please post that information with a new HijackThis log.
Step 6

  • Please download the ATF-Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • Follow the same steps for Firefox or Opera. You have the option of checking No if you want to save your passwords.
  • Click Exit on the Main menu to close the program.
Do not run it yet.

Step 7

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if they apply to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 8

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 9

Please run HijackThis in Normal Mode and post:
  • the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
  • the log from SUPERAntiSpyware
  • a new HijackThis log
Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 19 January 2009 - 03:37 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



