Antivirus 2009


  • This topic is locked
8 replies to this topic

#1 rtinsky


Posted 03 January 2009 - 12:14 AM

AV2009 keeps reinstalling itself. There are several files that keep reloading themselves. I have removed them from the startup list, but they return as quickly as I remove them. AVG finds and removes some files, but they come back after reboot. I have included the log file from HijackThis. I need help on removing this malware.


DDS (Version 1.1.0) - FAT32x86
Run by rtinsky at 0:07:59.06 on Sat 01/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.659 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
SVCHOST.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\rtinsky\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.csaccess.net
uDefault_Search_URL = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Computer Solutions 937-444-2178
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {8ca65119-aabe-495b-8821-e2c77ca74b7a} - c:\windows\system32\pebubolo.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-8988-34A187E2698B} - No File
EB: {231F6FAB-ECED-4975-9EF2-C0C7BC81927B} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
mRun: [dahogusomi] Rundll32.exe "c:\windows\system32\fohitoti.dll",s
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: {16104532-958C-45D0-8C81-B2889F2407F0} = 209.251.2.100
TCP: {DA35D4FA-B58F-4058-B000-22ADDB71C195} = 209.251.2.100,209.251.2.101
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jenanibi.dll
LSA: Notification Packages = scecli c:\windows\system32\tugoheri.dll c:\windows\system32\ratebadi.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-10 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-10 26824]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2007-4-16 114496]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-10 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-10 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-10 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2005-6-16 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2005-6-16 78208]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys []
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys []
S3 cc715239-7eee-4ef8-8bcd-14f3622033bf;cc715239-7eee-4ef8-8bcd-14f3622033bf;\??\e:\cds300\cds300.dll []
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2005-10-5 6016]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\SiriusUSB.sys []
S3 POWERKEY;POWERKEY;\??\c:\program files\launch manager\POWERKEY.sys []
S3 WLAN;802.11b Wireless LAN Driver;c:\windows\system32\drivers\WLANNDS.sys []

=============== Created Last 30 ================

2009-01-02 21:38 <DIR> --dsh--- C:\FOUND.001
2009-01-02 19:51 66,817 a--sh--- c:\windows\system32\ratebadi.dll
2009-01-02 19:51 1,262,075 ---sh--- c:\windows\system32\oyomilup.ini
2009-01-02 19:51 102,193 a--sh--- c:\windows\system32\jenanibi.dll
2009-01-02 19:51 92,419 a--sh--- c:\windows\system32\pulimoyo.dll
2009-01-02 19:51 66,817 a--sh--- c:\windows\system32\guhobopo.dll
2008-12-27 17:14 1,685,430 ---sh--- c:\windows\system32\ihevebom.ini
2008-12-27 00:05 1,685,430 ---sh--- c:\windows\system32\usalivek.ini
2008-12-26 05:33 1,603,449 ---sh--- c:\windows\system32\anuvobov.ini
2008-12-25 15:28 1,603,449 ---sh--- c:\windows\system32\odakujum.ini
2008-12-25 02:27 1,603,449 ---sh--- c:\windows\system32\eletereg.ini
2008-12-24 14:27 1,603,449 ---sh--- c:\windows\system32\ihotagug.ini
2008-12-24 02:27 1,603,449 ---sh--- c:\windows\system32\epodowan.ini
2008-12-23 17:03 <DIR> --d----- c:\docume~1\rtinsky\applic~1\Cat's Eye Games
2008-12-23 17:02 <DIR> --d----- c:\program files\The Hidden Prophecies of Nostradamus
2008-12-23 15:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AdventureChronicles1
2008-12-23 15:50 <DIR> --d----- c:\program files\Adventure Chronicles - The Search for Lost Treasure
2008-12-23 14:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PlayPond
2008-12-23 13:25 1,603,449 ---sh--- c:\windows\system32\enelojob.ini
2008-12-23 12:23 62,464 a------- c:\windows\system32\~.exe
2008-12-20 22:24 <DIR> --d----- c:\docume~1\rtinsky\applic~1\Pogo Games
2008-12-20 00:09 <DIR> --d-h--- c:\windows\$hf_mig$
2008-12-19 22:45 <DIR> --d----- c:\program files\Amazing_Finds
2008-12-19 21:29 <DIR> --d----- c:\program files\Nocturnal - Boston Nightfall
2008-12-19 18:47 <DIR> --d----- c:\docume~1\rtinsky\applic~1\Shape games
2008-12-19 17:33 <DIR> --d----- c:\program files\Gourmania
2008-12-19 12:55 <DIR> --d----- c:\docume~1\rtinsky\applic~1\Gold Casual Games
2008-12-19 12:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Gold Casual Games
2008-12-19 07:41 208,744 a------- c:\windows\system32\muweb.dll
2008-12-18 23:42 <DIR> --dsh--- C:\FOUND.000
2008-12-18 17:44 <DIR> --d----- c:\docume~1\rtinsky\applic~1\cerasus.media
2008-12-18 16:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ERS G-Studio
2008-12-18 16:04 <DIR> --d----- c:\program files\Steve The Sheriff
2008-12-18 15:37 1,603,449 ---sh--- c:\windows\system32\ipogirut.ini
2008-12-18 00:41 94,720 a------- C:\MsiZapU.exe
2008-12-17 23:25 <DIR> --d----- c:\program files\Trend Micro
2008-12-17 15:36 1,605,045 ---sh--- c:\windows\system32\ekuyevuk.ini
2008-12-17 02:50 1,588,726 ---sh--- c:\windows\system32\ufejovol.ini
2008-12-16 22:07 <DIR> --d----- c:\docume~1\rtinsky\applic~1\Artogon
2008-12-16 22:05 <DIR> --d----- c:\program files\Treasure Seekers - Visions of Gold
2008-12-16 19:07 <DIR> --d----- c:\docume~1\rtinsky\applic~1\Friday's games
2008-12-16 15:50 <DIR> --d----- c:\program files\Hidden Mysteries - Buckingham Palace
2008-12-16 14:19 1,588,726 ---sh--- c:\windows\system32\ofupiyup.ini
2008-12-16 02:20 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-16 02:19 1,588,727 ---sh--- c:\windows\system32\omihibuy.ini
2008-12-15 21:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
2008-12-15 13:38 1,588,171 ---sh--- c:\windows\system32\ilufogot.ini
2008-12-15 01:38 1,589,605 ---sh--- c:\windows\system32\omalazoy.ini
2008-12-14 13:37 1,589,605 ---sh--- c:\windows\system32\etutimid.ini
2008-12-13 20:33 1,589,614 ---sh--- c:\windows\system32\ipijewak.ini
2008-12-12 23:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Playrix Entertainment
2008-12-10 14:22 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-10 14:22 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-10 14:22 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-10 14:22 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-10 14:21 <DIR> --d----- c:\program files\AVG
2008-12-10 10:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2006-05-20 17:21 774,144 a------- c:\program files\RngInterstitial.dll
2002-07-31 19:55 104 ---sh--- c:\windows\WSYS049.SYS
2008-09-23 12:23 62,464 a--sh--- c:\windows\system32\siginaku.dll
2008-09-23 12:23 62,464 a--sh--- c:\windows\system32\tedeyadu.dll
2008-08-05 22:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 0:08:57.70 ===============
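Added example, not part of the thread: a Python triage script that reads the persistence lines and the "Created Last 30" section of a DDS log like the one above and ranks the system32 DLLs they reference, corroborating each against a freshly created hidden+system file and the other files dropped in the same minute. The excerpt it parses is copied from the log above; the scoring weights are an assumption.

```python
import re
from dataclasses import dataclass, field
# Persistence lines in the DDS "Pseudo HJT Report" and what Windows does with the
# DLL they name; these hooks are why the files returned after startup cleanup.
PERSISTENCE_PREFIXES = {
    "AppInit_DLLs:": "AppInit_DLLs (injected into every process loading user32.dll)",
    "LSA:": "LSA Notification Packages (loaded into lsass.exe at boot)",
    "SSODL:": "ShellServiceObjectDelayLoad (loaded by Explorer at logon)",
    "STS:": "SharedTaskScheduler (loaded by Explorer at logon)",
    "mRun:": "HKLM Run key (Rundll32 entry point)",
    "uRun:": "HKCU Run key",
    "BHO:": "Browser Helper Object (loaded into Internet Explorer)",
}
# Any DLL under system32 named on such a line (a quote or space ends the path).
SYS32_DLL_RE = re.compile(r"c:\\windows\\system32\\([^\s\"]+?\.dll)", re.IGNORECASE)
# "Created Last 30" rows: timestamp, size or <DIR>, 8-char attribute field, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$", re.I)
# Excerpt copied from the DDS log in the post above, used here as test input.
DDS_SAMPLE = r"""
BHO: {8ca65119-aabe-495b-8821-e2c77ca74b7a} - c:\windows\system32\pebubolo.dll
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
mRun: [dahogusomi] Rundll32.exe "c:\windows\system32\fohitoti.dll",s
AppInit_DLLs: c:\windows\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jenanibi.dll
LSA: Notification Packages = scecli c:\windows\system32\tugoheri.dll c:\windows\system32\ratebadi.dll
=============== Created Last 30 ================
2009-01-02 21:38 <DIR> --dsh--- C:\FOUND.001
2009-01-02 19:51 66,817 a--sh--- c:\windows\system32\ratebadi.dll
2009-01-02 19:51 1,262,075 ---sh--- c:\windows\system32\oyomilup.ini
2009-01-02 19:51 102,193 a--sh--- c:\windows\system32\jenanibi.dll
2009-01-02 19:51 92,419 a--sh--- c:\windows\system32\pulimoyo.dll
2009-01-02 19:51 66,817 a--sh--- c:\windows\system32\guhobopo.dll
"""

@dataclass
class Finding:
    dll: str
    mechanisms: list = field(default_factory=list)
    created: str = ""            # "Created Last 30" timestamp, empty if not listed
    hidden_system: bool = False  # that row carried both the S and H attributes
    batch: list = field(default_factory=list)  # other S+H files from the same minute

    @property
    def score(self) -> int:
        # Assumed weighting: one point per hook, one for a fresh file, two more for S+H.
        return len(self.mechanisms) + (1 if self.created else 0) + (2 if self.hidden_system else 0)

def is_hidden_system(attrs: str) -> bool:
    # Attribute layout seen in this log (a--sh---, ---sh---, --dsh---): S at 3, H at 4.
    return len(attrs) == 8 and attrs[3] == "s" and attrs[4] == "h"


def parse_created(lines):
    """Map lowercase basename -> (timestamp, attributes) for each 'Created Last 30' row."""
    rows = {}
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            stamp, _size, attrs, path = m.groups()
            rows[path.rsplit("\\", 1)[-1].lower()] = (stamp, attrs.lower())
    return rows


def parse_persistence(lines):
    """Map lowercase DLL basename -> the persistence mechanisms that reference it."""
    refs = {}
    for line in lines:
        line = line.strip()
        for prefix, mechanism in PERSISTENCE_PREFIXES.items():
            if line.startswith(prefix):
                for dll in SYS32_DLL_RE.findall(line):
                    hooks = refs.setdefault(dll.lower(), [])
                    if mechanism not in hooks:
                        hooks.append(mechanism)
                break
    return refs


def triage(dds_text: str) -> list:
    """Rank system32 DLLs named by persistence hooks, corroborated by creation data."""
    lines = dds_text.splitlines()
    created = parse_created(lines)
    findings = []
    for dll, hooks in parse_persistence(lines).items():
        f = Finding(dll=dll, mechanisms=hooks)
        if dll in created:
            f.created, attrs = created[dll]
            f.hidden_system = is_hidden_system(attrs)
            # Same-minute S+H files are very likely the same drop, even if nothing loads them yet.
            f.batch = sorted(n for n, (s, a) in created.items()
                             if n != dll and s == f.created and is_hidden_system(a))
        findings.append(f)
    # No creation row does not clear a DLL (fohitoti.dll here): the file may simply predate the window.
    return sorted(findings, key=lambda x: (-x.score, x.dll))
```

Run `triage(DDS_SAMPLE)` and the two DLLs MBAM later flagged for "Delete on reboot" come out on top, each with the other four same-minute drops attached.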

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 05 January 2009 - 03:35 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 rtinsky


Posted 06 January 2009 - 12:31 AM

Malwarebytes' Anti-Malware 1.32
Database version: 1622
Windows 5.1.2600 Service Pack 3

1/6/2009 12:10:46 AM
mbam-log-2009-01-06 (00-10-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102088
Time elapsed: 28 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 16
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ratebadi.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\jenanibi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca65119-aabe-495b-8821-e2c77ca74b7a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ca65119-aabe-495b-8821-e2c77ca74b7a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dcd2f298-bfa3-410f-8c21-b422af11f363} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{1f5e0ea2-abea-44c3-95ec-2d1e721fe95e} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9815da81-2e0c-478c-90e4-06e474e704d0} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BndDrive (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm165a20e4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dahogusomi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\ratebadi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ratebadi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\ratebadi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jenanibi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jenanibi.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\rtinsky\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\pulimoyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyomilup.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jenanibi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ratebadi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siginaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tedeyadu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BIT3.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BIT4.tmp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guhobopo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\rtinsky\Local Settings\Temporary Internet Files\Content.IE5\6WH2AFXV\InstallAVg_770522170802[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090102-225536-463.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\rtinsky\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\rtinsky\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\rtinsky\results.txt (Malware.Trace) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.05 (written by random/random)
Run by rtinsky at 2009-01-06 00:13:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (60%) free of 27 GB
Total RAM: 1014 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:53 AM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\rtinsky\Desktop\Fix\RSIT.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\rtinsky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.csaccess.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Computer Solutions 937-444-2178
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O15 - Trusted Zone: http://download.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16104532-958C-45D0-8C81-B2889F2407F0}: NameServer = 209.251.2.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA35D4FA-B58F-4058-B000-22ADDB71C195}: NameServer = 209.251.2.100,209.251.2.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{16104532-958C-45D0-8C81-B2889F2407F0}: NameServer = 209.251.2.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 3995 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{E872D358-87C4-49FB-9FB1-B45311D05052}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-10 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-10 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-11-09 243072]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\tugoheri.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Remote Helpdesk\remhelp.exe"="C:\Remote Helpdesk\remhelp.exe:*:Enabled:remhelp"
"C:\Remote Helpdesk\remhelpc.exe"="C:\Remote Helpdesk\remhelpc.exe:*:Enabled:remhelpc"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1129312077\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1129312077\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1129312077\EE\aim6.exe"="C:\Program Files\Common Files\AOL\1129312077\EE\aim6.exe:*:Enabled:AIM"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\setup\HPZnet01.exe"="E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\temp\HP_WebRelease\setup\HPZnet01.exe"="C:\temp\HP_WebRelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\temp\HP_WebRelease\setup\hponicifs01.exe"="C:\temp\HP_WebRelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\UltraVNC\vncviewer.exe"="C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\EXPLORER.EXE"="C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer"
"C:\WINDOWS\System32\logonui.exe"="C:\WINDOWS\System32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\System32\WINLOGON.EXE"="C:\WINDOWS\System32\WINLOGON.EXE:*:Enabled:winlogon"
"C:\WINDOWS\System32\taskmgr.exe"="C:\WINDOWS\System32\taskmgr.exe:*:Enabled:taskmgr"
"C:\Program Files\AVG\AVG8\AVGWDSVC.EXE"="C:\Program Files\AVG\AVG8\AVGWDSVC.EXE:*:Enabled:avgwdsvc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9feea8-cc52-11db-8045-0014a41e6ce0}]
shell\AutoRun\command - F:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{440f230c-641c-11dd-9031-00166fa1df7f}]
shell\AutoRun\command - G:\.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b09164-dcbb-11db-8062-0014a41e6ce0}]
shell\AutoRun\command - F:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfcde31c-e27f-11dc-8212-0014a41e6c18}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d069cf01-c72a-11da-86b1-0014a428fd60}]
shell\AutoRun\command - F:\SETUP.EXE


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 3 months======

2009-01-06 00:13:30 ----D---- C:\rsit
2009-01-05 23:34:02 ----D---- C:\Documents and Settings\rtinsky\Application Data\Malwarebytes
2009-01-05 23:33:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 23:33:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 23:31:25 ----SH---- C:\WINDOWS\system32\luyenofe.dll
2009-01-05 23:31:25 ----SH---- C:\WINDOWS\system32\kemaniwu.dll
2009-01-02 23:10:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 22:56:47 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-02 21:38:48 ----SHD---- C:\FOUND.001
2008-12-27 17:14:28 ----SH---- C:\WINDOWS\system32\ihevebom.ini
2008-12-27 00:05:19 ----SH---- C:\WINDOWS\system32\usalivek.ini
2008-12-26 05:33:08 ----SH---- C:\WINDOWS\system32\anuvobov.ini
2008-12-25 15:28:00 ----SH---- C:\WINDOWS\system32\odakujum.ini
2008-12-25 02:27:36 ----SH---- C:\WINDOWS\system32\eletereg.ini
2008-12-24 14:27:24 ----SH---- C:\WINDOWS\system32\ihotagug.ini
2008-12-24 02:27:12 ----SH---- C:\WINDOWS\system32\epodowan.ini
2008-12-23 17:03:21 ----D---- C:\Documents and Settings\rtinsky\Application Data\Cat's Eye Games
2008-12-23 17:02:37 ----D---- C:\Program Files\The Hidden Prophecies of Nostradamus
2008-12-23 15:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
2008-12-23 15:50:57 ----D---- C:\Program Files\Adventure Chronicles - The Search for Lost Treasure
2008-12-23 14:33:10 ----D---- C:\Documents and Settings\All Users\Application Data\PlayPond
2008-12-23 13:25:15 ----SH---- C:\WINDOWS\system32\enelojob.ini
2008-12-23 13:17:53 ----D---- C:\Documents and Settings\rtinsky\Application Data\Games
2008-12-20 22:24:47 ----D---- C:\Documents and Settings\rtinsky\Application Data\Pogo Games
2008-12-20 00:09:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 22:45:37 ----D---- C:\Program Files\Amazing_Finds
2008-12-19 21:29:05 ----D---- C:\Program Files\Nocturnal - Boston Nightfall
2008-12-19 18:47:29 ----D---- C:\Documents and Settings\rtinsky\Application Data\Shape games
2008-12-19 17:33:59 ----D---- C:\Program Files\Gourmania
2008-12-19 12:55:02 ----D---- C:\Documents and Settings\rtinsky\Application Data\Gold Casual Games
2008-12-19 12:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-12-19 07:41:07 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-18 23:42:58 ----SHD---- C:\FOUND.000
2008-12-18 17:44:58 ----D---- C:\Documents and Settings\rtinsky\Application Data\cerasus.media
2008-12-18 16:08:30 ----D---- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
2008-12-18 16:04:05 ----D---- C:\Program Files\Steve The Sheriff
2008-12-18 15:37:34 ----SH---- C:\WINDOWS\system32\ipogirut.ini
2008-12-18 00:41:44 ----A---- C:\MsiZapU.exe
2008-12-17 23:25:45 ----D---- C:\Program Files\Trend Micro
2008-12-17 15:36:58 ----SH---- C:\WINDOWS\system32\ekuyevuk.ini
2008-12-17 02:50:49 ----SH---- C:\WINDOWS\system32\ufejovol.ini
2008-12-16 22:07:17 ----D---- C:\Documents and Settings\rtinsky\Application Data\Artogon
2008-12-16 22:05:03 ----D---- C:\Program Files\Treasure Seekers - Visions of Gold
2008-12-16 19:07:59 ----D---- C:\Documents and Settings\rtinsky\Application Data\Friday's games
2008-12-16 15:50:22 ----D---- C:\Program Files\Hidden Mysteries - Buckingham Palace
2008-12-16 14:19:58 ----SH---- C:\WINDOWS\system32\ofupiyup.ini
2008-12-16 02:20:55 ----HD---- C:\$AVG8.VAULT$
2008-12-16 02:19:54 ----SH---- C:\WINDOWS\system32\omihibuy.ini
2008-12-15 21:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-12-15 13:38:36 ----SH---- C:\WINDOWS\system32\ilufogot.ini
2008-12-15 01:38:54 ----SH---- C:\WINDOWS\system32\omalazoy.ini
2008-12-14 13:37:14 ----SH---- C:\WINDOWS\system32\etutimid.ini
2008-12-13 20:33:15 ----SH---- C:\WINDOWS\system32\ipijewak.ini
2008-12-12 23:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-12-10 14:22:15 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-10 14:21:59 ----D---- C:\Program Files\AVG
2008-12-10 10:48:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-11-28 21:52:30 ----D---- C:\Program Files\CCleaner
2008-11-24 12:25:34 ----D---- C:\Documents and Settings\rtinsky\Application Data\Creative
2008-11-24 12:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-11-24 12:09:28 ----HD---- C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2008-11-24 12:09:04 ----N---- C:\WINDOWS\Ctregrun.exe
2008-11-24 12:08:59 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-11-24 12:08:59 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-11-24 12:08:56 ----D---- C:\Program Files\Creative
2008-11-20 17:38:07 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-11-18 22:51:59 ----D---- C:\Documents and Settings\rtinsky\Application Data\Mushroom Age
2008-11-16 01:01:23 ----D---- C:\Program Files\Shockwave.com
2008-11-15 23:36:07 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2008-11-15 23:34:16 ----D---- C:\Program Files\IncrediMail
2008-11-15 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-11-15 23:07:07 ----D---- C:\Program Files\AWS
2008-11-15 23:07:07 ----D---- C:\Documents and Settings\rtinsky\Application Data\WeatherBug

======List of files/folders modified in the last 3 months======

2009-01-05 23:34:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 12:34:14 ----A---- C:\WINDOWS\win.ini
2008-11-15 16:15:26 ----A---- C:\YServer.txt
2008-11-15 15:53:20 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt
2008-11-15 15:47:12 ----A---- C:\ioSpecial.ini
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:07:00 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 08:11:10 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:54 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-10 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-10 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2007-04-16 114496]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-08-16 40576]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-10 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-06-16 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys []
S2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
S3 cc715239-7eee-4ef8-8bcd-14f3622033bf;cc715239-7eee-4ef8-8bcd-14f3622033bf; \??\E:\CDS300\cds300.dll []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 6016]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 int15.sys;int15.sys; \??\C:\Program Files\acer\eRecovery\int15.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\Tranzeo\TR-CPE\PCANDIS5.SYS []
S3 PortlUSB;PortlUSB; C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys []
S3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 WLAN;802.11b Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\WLANNDS.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-10 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-10 231704]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-06 00:14:02

======Uninstall list======

-->"C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe" REMOVE=TRUE MODIFY=FALSE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Advanced IP Scanner v1.1-->C:\Program Files\Advanced IP Scanner\uninstal.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Creative Media Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative Software Update-->C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{5544807E-896D-4585-84FF-60763E5BC022}\setup\hpzscr01.exe" -datfile hposcr06.dat
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RW-NMS 1.1.18-->"C:\Program Files\RW-NMS\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Super Text Twist®-->C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\INSTALL.LOG
UltraVNC 1.0.5-->"C:\Program Files\UltraVNC\unins001.exe"
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

=====HijackThis Backups=====

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\hirisaki.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\nosamoti.dll",a
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218075430953
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Azada/Images/armhelper.ocx
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\tugoheri.dll C:\WINDOWS\system32\zivohoji.dll c:\windows\system32\nosamoti.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\hirisaki.dll (file missing)
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s
O4 - HKLM\..\Run: [15691378] rundll32.exe "C:\WINDOWS\system32\turigopi.dll",b
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\kotihuya.dll",a
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [97656369134929523241678679581699] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s (User 'NETWORK SERVICE')
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O1 - Hosts: 208.122.87.142 www.shcc.k12.oh.us
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\nosamoti.dll C:\WINDOWS\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll (file missing)
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll (file missing)
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - AppInit_DLLs: c:\windows\system32\jenanibi.dll,C:\WINDOWS\system32\ratebadi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: LAPTOP1
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AE1AD104-90BD-4162-82B2-6CAE5A2E1BFC} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 58684
Source Name: Tcpip
Time Written: 20081208153414.000000-300
Event Type: information
User:

Computer Name: LAPTOP1
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AE1AD104-90BD-4162-82B2-6CAE5A2E1BFC} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 58683
Source Name: Tcpip
Time Written: 20081208151749.000000-300
Event Type: information
User:

Computer Name: LAPTOP1
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 58682
Source Name: SideBySide
Time Written: 20081208145420.000000-300
Event Type: error
User:

Computer Name: LAPTOP1
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 58681
Source Name: SideBySide
Time Written: 20081208145420.000000-300
Event Type: error
User:

Computer Name: LAPTOP1
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 58680
Source Name: SideBySide
Time Written: 20081208145420.000000-300
Event Type: error
User:

Application event log

Computer Name: LAPTOP1
Event Code: 11729
Message: Product: Microsoft Office Professional Edition 2003 -- Configuration failed.

Record Number: 9357
Source Name: MsiInstaller
Time Written: 20081128001452.000000-300
Event Type: information
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 1024
Message: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB894542): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Record Number: 9356
Source Name: MsiInstaller
Time Written: 20081128001452.000000-300
Event Type: error
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 11311
Message: Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB. Verify that the file exists and that you can access it.

Record Number: 9355
Source Name: MsiInstaller
Time Written: 20081128001452.000000-300
Event Type: error
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 11729
Message: Product: Microsoft Office Professional Edition 2003 -- Configuration failed.

Record Number: 9354
Source Name: MsiInstaller
Time Written: 20081128001445.000000-300
Event Type: information
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 1024
Message: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003: Junk E-mail Filter (KB957832): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Record Number: 9353
Source Name: MsiInstaller
Time Written: 20081128001445.000000-300
Event Type: error
User: LAPTOP1\rtinsky

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 00:22:44
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

? nrhibs.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\prodrv04 \Device\ProDrv04 8629A730
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sdcplh.sys
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 06 January 2009 - 02:00 AM

Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)


    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\tugoheri.dll
    C:\WINDOWS\system32\luyenofe.dll
    C:\WINDOWS\system32\kemaniwu.dll
    C:\WINDOWS\system32\ihevebom.ini
    C:\WINDOWS\system32\usalivek.ini
    C:\WINDOWS\system32\anuvobov.ini
    C:\WINDOWS\system32\odakujum.ini
    C:\WINDOWS\system32\eletereg.ini
    C:\WINDOWS\system32\ihotagug.ini
    C:\WINDOWS\system32\epodowan.ini
    C:\WINDOWS\system32\enelojob.ini
    C:\WINDOWS\system32\ipogirut.ini
    C:\WINDOWS\system32\ekuyevuk.ini
    C:\WINDOWS\system32\ufejovol.ini
    C:\WINDOWS\system32\ofupiyup.ini
    C:\WINDOWS\system32\omihibuy.ini
    C:\WINDOWS\system32\ilufogot.ini
    C:\WINDOWS\system32\omalazoy.ini
    C:\WINDOWS\system32\etutimid.ini
    C:\WINDOWS\system32\ipijewak.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9feea8-cc52-11db-8045-0014a41e6ce0}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b09164-dcbb-11db-8062-0014a41e6ce0}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

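An added illustration of what the helper's script is targeting (this is example code written for this page, not code from the thread, from HijackThis or from OldTimer's OTMoveIt3): it reads HijackThis lines like the ones posted above, correlates each DLL across the autostart vectors listed in the O2/O4/O20/O21/O22 sections, flags the randomly named system32 DLLs that are hooked by more than one mechanism, and renders them as an OTMoveIt3 :files section in the format of the script in this post. The sample lines are copied from the thread; the 8-letter-name heuristic and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: HijackThis lines copied from the logs in this thread.
# Raw string so the backslashes in the Windows paths are kept literally.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll (file missing)
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
"""

# HijackThis section -> the autostart mechanism it reports. Only the sections
# the helper's OTMoveIt3 script is aimed at are listed here.
PERSISTENCE_SECTIONS = {
    "O2": "BHO",
    "O4": "Run key",
    "O20": "AppInit_DLLs",
    "O21": "SSODL",
    "O22": "SharedTaskScheduler",
}

SECTION_RE = re.compile(r"^(O\d+|R\d)\s+-\s+")
# A drive-letter path ending in .dll. The non-greedy part stops at the first
# .dll, so space- or comma-separated AppInit_DLLs values are split correctly.
DLL_PATH_RE = re.compile(r'[A-Za-z]:\\[^",;]+?\.dll', re.IGNORECASE)
# Assumed heuristic: every malware DLL in this thread has 8 lowercase letters.
# On its own this also matches a few legitimate DLLs, hence the vector count.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


def parse_hjt(log_text):
    """Map each DLL path (lower-cased) to the autostart vectors that load it."""
    hits = defaultdict(lambda: {"vectors": set(), "missing": False})
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if not m or m.group(1) not in PERSISTENCE_SECTIONS:
            continue
        for path in DLL_PATH_RE.findall(line):
            entry = hits[path.lower()]
            entry["vectors"].add(PERSISTENCE_SECTIONS[m.group(1)])
            if "(file missing)" in line:
                entry["missing"] = True
    return dict(hits)


def flag_suspects(hits, min_vectors=2):
    """Return (path, vectors, missing) for system32 DLLs with a random-looking
    name hooked by at least `min_vectors` mechanisms, most-hooked first."""
    suspects = []
    for path, info in hits.items():
        name = path.rsplit("\\", 1)[-1]
        in_system32 = "\\windows\\system32\\" in path
        if in_system32 and RANDOM_NAME_RE.match(name) and len(info["vectors"]) >= min_vectors:
            suspects.append((path, sorted(info["vectors"]), info["missing"]))
    return sorted(suspects, key=lambda s: (-len(s[1]), s[0]))


def otmoveit_files_section(suspects):
    """Render the flagged paths as an OTMoveIt3 ':files' section in the format
    used by the helper's script. Files HijackThis already reports as missing
    are skipped, since there is nothing left on disk to move."""
    lines = [":files"] + [path for path, _vectors, missing in suspects if not missing]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT_LOG)
    for path, vectors, missing in flag_suspects(found, min_vectors=1):
        tag = " (file missing)" if missing else ""
        print(f"{path}{tag}: loaded via {', '.join(vectors)}")
    print()
    print(otmoveit_files_section(flag_suspects(found)))
```

With the default threshold only jenanibi.dll is reported, because it is the one DLL wired into the Run key, AppInit_DLLs, SSODL and SharedTaskScheduler at once; lowering `min_vectors` to 1 lists the other three as well.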

#5 rtinsky

  • Topic Starter
  • Members
  • 5 posts

Posted 06 January 2009 - 06:42 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\tugoheri.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\luyenofe.dll
C:\WINDOWS\system32\luyenofe.dll NOT unregistered.
C:\WINDOWS\system32\luyenofe.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\kemaniwu.dll
C:\WINDOWS\system32\kemaniwu.dll NOT unregistered.
C:\WINDOWS\system32\kemaniwu.dll moved successfully.
C:\WINDOWS\system32\ihevebom.ini moved successfully.
C:\WINDOWS\system32\usalivek.ini moved successfully.
C:\WINDOWS\system32\anuvobov.ini moved successfully.
C:\WINDOWS\system32\odakujum.ini moved successfully.
C:\WINDOWS\system32\eletereg.ini moved successfully.
C:\WINDOWS\system32\ihotagug.ini moved successfully.
C:\WINDOWS\system32\epodowan.ini moved successfully.
C:\WINDOWS\system32\enelojob.ini moved successfully.
C:\WINDOWS\system32\ipogirut.ini moved successfully.
C:\WINDOWS\system32\ekuyevuk.ini moved successfully.
C:\WINDOWS\system32\ufejovol.ini moved successfully.
C:\WINDOWS\system32\ofupiyup.ini moved successfully.
C:\WINDOWS\system32\omihibuy.ini moved successfully.
C:\WINDOWS\system32\ilufogot.ini moved successfully.
C:\WINDOWS\system32\omalazoy.ini moved successfully.
C:\WINDOWS\system32\etutimid.ini moved successfully.
C:\WINDOWS\system32\ipijewak.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9feea8-cc52-11db-8045-0014a41e6ce0}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b09164-dcbb-11db-8062-0014a41e6ce0}\\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\Τаsks moved successfully.
C:\WINDOWS\system32\ΑрpPatch moved successfully.
C:\WINDOWS\system32\Μіcrosoft moved successfully.
C:\Program Files\Оracle moved successfully.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_954.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_183209

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_954.dat not found!



info.txt logfile of random's system information tool 1.05 2009-01-06 00:14:02

======Uninstall list======

-->"C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe" REMOVE=TRUE MODIFY=FALSE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Advanced IP Scanner v1.1-->C:\Program Files\Advanced IP Scanner\uninstal.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Creative Media Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative Software Update-->C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{5544807E-896D-4585-84FF-60763E5BC022}\setup\hpzscr01.exe" -datfile hposcr06.dat
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RW-NMS 1.1.18-->"C:\Program Files\RW-NMS\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Super Text Twist®-->C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\INSTALL.LOG
UltraVNC 1.0.5-->"C:\Program Files\UltraVNC\unins001.exe"
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

=====HijackThis Backups=====

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\hirisaki.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\nosamoti.dll",a
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218075430953
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Azada/Images/armhelper.ocx
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\tugoheri.dll C:\WINDOWS\system32\zivohoji.dll c:\windows\system32\nosamoti.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\hirisaki.dll (file missing)
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s
O4 - HKLM\..\Run: [15691378] rundll32.exe "C:\WINDOWS\system32\turigopi.dll",b
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\kotihuya.dll",a
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [97656369134929523241678679581699] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s (User 'NETWORK SERVICE')
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O1 - Hosts: 208.122.87.142 www.shcc.k12.oh.us
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\nosamoti.dll C:\WINDOWS\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Logfile of random's system information tool 1.05 (written by random/random)
Run by rtinsky at 2009-01-06 18:35:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (60%) free of 27 GB
Total RAM: 1014 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:13 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Documents and Settings\rtinsky\Desktop\Fix\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\rtinsky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.csaccess.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Computer Solutions 937-444-2178
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O15 - Trusted Zone: http://download.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{16104532-958C-45D0-8C81-B2889F2407F0}: NameServer = 209.251.2.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA35D4FA-B58F-4058-B000-22ADDB71C195}: NameServer = 209.251.2.100,209.251.2.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{16104532-958C-45D0-8C81-B2889F2407F0}: NameServer = 209.251.2.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 4435 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{E872D358-87C4-49FB-9FB1-B45311D05052}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-10 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-10 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-06 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-11-09 243072]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Remote Helpdesk\remhelp.exe"="C:\Remote Helpdesk\remhelp.exe:*:Enabled:remhelp"
"C:\Remote Helpdesk\remhelpc.exe"="C:\Remote Helpdesk\remhelpc.exe:*:Enabled:remhelpc"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1129312077\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1129312077\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1129312077\EE\aim6.exe"="C:\Program Files\Common Files\AOL\1129312077\EE\aim6.exe:*:Enabled:AIM"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\setup\HPZnet01.exe"="E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\temp\HP_WebRelease\setup\HPZnet01.exe"="C:\temp\HP_WebRelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\temp\HP_WebRelease\setup\hponicifs01.exe"="C:\temp\HP_WebRelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\UltraVNC\vncviewer.exe"="C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\EXPLORER.EXE"="C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer"
"C:\WINDOWS\System32\logonui.exe"="C:\WINDOWS\System32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\System32\WINLOGON.EXE"="C:\WINDOWS\System32\WINLOGON.EXE:*:Enabled:winlogon"
"C:\WINDOWS\System32\taskmgr.exe"="C:\WINDOWS\System32\taskmgr.exe:*:Enabled:taskmgr"
"C:\Program Files\AVG\AVG8\AVGWDSVC.EXE"="C:\Program Files\AVG\AVG8\AVGWDSVC.EXE:*:Enabled:avgwdsvc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{440f230c-641c-11dd-9031-00166fa1df7f}]
shell\AutoRun\command - E:\.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfcde31c-e27f-11dc-8212-0014a41e6c18}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d069cf01-c72a-11da-86b1-0014a428fd60}]
shell\AutoRun\command - F:\SETUP.EXE


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 3 months======

2009-01-06 18:32:09 ----D---- C:\_OTMoveIt
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\java.exe
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-06 00:15:04 ----A---- C:\WINDOWS\gmer.ini
2009-01-06 00:15:03 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-06 00:15:03 ----A---- C:\WINDOWS\gmer.exe
2009-01-06 00:15:03 ----A---- C:\WINDOWS\gmer.dll
2009-01-06 00:13:30 ----D---- C:\rsit
2009-01-05 23:34:02 ----D---- C:\Documents and Settings\rtinsky\Application Data\Malwarebytes
2009-01-05 23:33:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 23:33:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-02 23:10:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 22:56:47 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-02 21:38:48 ----SHD---- C:\FOUND.001
2008-12-23 17:03:21 ----D---- C:\Documents and Settings\rtinsky\Application Data\Cat's Eye Games
2008-12-23 17:02:37 ----D---- C:\Program Files\The Hidden Prophecies of Nostradamus
2008-12-23 15:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
2008-12-23 15:50:57 ----D---- C:\Program Files\Adventure Chronicles - The Search for Lost Treasure
2008-12-23 14:33:10 ----D---- C:\Documents and Settings\All Users\Application Data\PlayPond
2008-12-23 13:17:53 ----D---- C:\Documents and Settings\rtinsky\Application Data\Games
2008-12-20 22:24:47 ----D---- C:\Documents and Settings\rtinsky\Application Data\Pogo Games
2008-12-20 00:09:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 22:45:37 ----D---- C:\Program Files\Amazing_Finds
2008-12-19 21:29:05 ----D---- C:\Program Files\Nocturnal - Boston Nightfall
2008-12-19 18:47:29 ----D---- C:\Documents and Settings\rtinsky\Application Data\Shape games
2008-12-19 17:33:59 ----D---- C:\Program Files\Gourmania
2008-12-19 12:55:02 ----D---- C:\Documents and Settings\rtinsky\Application Data\Gold Casual Games
2008-12-19 12:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-12-19 07:41:07 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-18 23:42:58 ----SHD---- C:\FOUND.000
2008-12-18 17:44:58 ----D---- C:\Documents and Settings\rtinsky\Application Data\cerasus.media
2008-12-18 16:08:30 ----D---- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
2008-12-18 16:04:05 ----D---- C:\Program Files\Steve The Sheriff
2008-12-18 00:41:44 ----A---- C:\MsiZapU.exe
2008-12-17 23:25:45 ----D---- C:\Program Files\Trend Micro
2008-12-16 22:07:17 ----D---- C:\Documents and Settings\rtinsky\Application Data\Artogon
2008-12-16 22:05:03 ----D---- C:\Program Files\Treasure Seekers - Visions of Gold
2008-12-16 19:07:59 ----D---- C:\Documents and Settings\rtinsky\Application Data\Friday's games
2008-12-16 15:50:22 ----D---- C:\Program Files\Hidden Mysteries - Buckingham Palace
2008-12-16 02:20:55 ----HD---- C:\$AVG8.VAULT$
2008-12-15 21:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-12-12 23:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-12-10 14:22:15 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-10 14:21:59 ----D---- C:\Program Files\AVG
2008-12-10 10:48:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-11-28 21:52:30 ----D---- C:\Program Files\CCleaner
2008-11-24 12:25:34 ----D---- C:\Documents and Settings\rtinsky\Application Data\Creative
2008-11-24 12:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-11-24 12:09:28 ----HD---- C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2008-11-24 12:09:04 ----N---- C:\WINDOWS\Ctregrun.exe
2008-11-24 12:08:59 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-11-24 12:08:59 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-11-24 12:08:56 ----D---- C:\Program Files\Creative
2008-11-20 17:38:07 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-11-18 22:51:59 ----D---- C:\Documents and Settings\rtinsky\Application Data\Mushroom Age
2008-11-16 01:01:23 ----D---- C:\Program Files\Shockwave.com
2008-11-15 23:36:07 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2008-11-15 23:34:16 ----D---- C:\Program Files\IncrediMail
2008-11-15 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-11-15 23:07:07 ----D---- C:\Program Files\AWS
2008-11-15 23:07:07 ----D---- C:\Documents and Settings\rtinsky\Application Data\WeatherBug

======List of files/folders modified in the last 3 months======

2009-01-06 18:09:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 12:34:14 ----A---- C:\WINDOWS\win.ini
2008-11-15 16:15:26 ----A---- C:\YServer.txt
2008-11-15 15:53:20 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt
2008-11-15 15:47:12 ----A---- C:\ioSpecial.ini
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:07:00 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 08:11:10 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:54 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-10 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-10 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2007-04-16 114496]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-08-16 40576]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-10 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-06-16 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys []
S2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
S3 cc715239-7eee-4ef8-8bcd-14f3622033bf;cc715239-7eee-4ef8-8bcd-14f3622033bf; \??\E:\CDS300\cds300.dll []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 6016]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-06 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 int15.sys;int15.sys; \??\C:\Program Files\acer\eRecovery\int15.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\Tranzeo\TR-CPE\PCANDIS5.SYS []
S3 PortlUSB;PortlUSB; C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys []
S3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 WLAN;802.11b Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\WLANNDS.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-10 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-10 231704]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-06 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:59 AM

Posted 07 January 2009 - 02:48 AM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Run RSIT again.. Post these logs in your next reply...

1. ESET Online Scanner
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
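As an added example that is not part of the thread and not HijackThis code: a small Python triage script that parses O4 lines in HijackThis's log format (the sample lines are copied from the log posted above) and flags the pattern fenzodahl512 asked to fix, an autostart registered under a service account's per-user Run key. The function names and the scoring heuristics are my own assumptions, not HijackThis logic.

```python
r"""Triage HijackThis O4 (autostart) entries for service-account persistence.

Added example; not part of the forum thread and not HijackThis code.
It parses O4 lines in the HijackThis 2.0.2 log format and flags the
pattern the helper asked the poster to fix: an autostart registered
under the per-user Run key of a service account (HKUS\S-1-5-19 LOCAL
SERVICE, HKUS\S-1-5-20 NETWORK SERVICE). Those accounts never log on
interactively, so legitimate software rarely registers autostarts there.
Function names (parse_o4_lines, rundll32_target, analyze_o4) are assumed.
"""
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
"""

# Well-known SIDs of the built-in service accounts.
SERVICE_SIDS = {
    "S-1-5-18": "SYSTEM",
    "S-1-5-19": "LOCAL SERVICE",
    "S-1-5-20": "NETWORK SERVICE",
}

# Shape of an O4 line:  O4 - <hive>\..\Run[Once]: [<name>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-[\d-]+))\\\.\.\\"
    r"(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# rundll32[.exe] "<dll>",<entry>   or   <path>\rundll32.exe <dll>,<entry>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"\s\\]*\\)*rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S*))?',
    re.IGNORECASE,
)


def parse_o4_lines(log_text):
    """Return one dict per O4 line: hive, sid, key, name, cmd, user, raw."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["raw"] = line
            entries.append(entry)
    return entries


def rundll32_target(cmd):
    """Return the DLL path when the command loads a DLL via rundll32, else None."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group("dll") if m else None


def analyze_o4(log_text):
    """Flag O4 entries registered under a service account's per-user Run key.

    Each finding carries the raw HijackThis line (the text to tick under
    'Do a system scan only') plus the reasons it was flagged.
    """
    entries = parse_o4_lines(log_text)
    # A value name that recurs across several hives is a common way a
    # dropper ensures one copy survives a partial cleanup; used as support.
    name_count = Counter(e["name"].lower() for e in entries)
    findings = []
    for e in entries:
        if e["sid"] not in SERVICE_SIDS:
            continue  # interactive users' Run keys are triaged separately
        reasons = [
            f"autostart under {SERVICE_SIDS[e['sid']]} ({e['sid']}): service "
            "accounts never log on interactively, so a per-user Run value "
            "there is almost never legitimate"
        ]
        dll = rundll32_target(e["cmd"])
        if dll:
            reasons.append(f"payload is a DLL loaded through rundll32: {dll}")
        if name_count[e["name"].lower()] > 1:
            reasons.append(
                f"value name {e['name']!r} appears in "
                f"{name_count[e['name'].lower()]} hives"
            )
        findings.append({"raw": e["raw"], "name": e["name"], "user": e["user"],
                         "dll": dll, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_o4(SAMPLE_LOG):
        print(finding["raw"])
        for reason in finding["reasons"]:
            print("   -", reason)
```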


#7 rtinsky

rtinsky
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:59 PM

Posted 08 January 2009 - 05:48 PM

The online scan would not run. It kept giving a MS error and ending IE.


Logfile of random's system information tool 1.05 (written by random/random)
Run by rtinsky at 2009-01-08 17:44:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (59%) free of 27 GB
Total RAM: 1014 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:22 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\rtinsky\Desktop\Fix\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\rtinsky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.csaccess.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Computer Solutions 937-444-2178
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16104532-958C-45D0-8C81-B2889F2407F0}: NameServer = 209.251.2.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA35D4FA-B58F-4058-B000-22ADDB71C195}: NameServer = 209.251.2.100,209.251.2.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{16104532-958C-45D0-8C81-B2889F2407F0}: NameServer = 209.251.2.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 4426 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{E872D358-87C4-49FB-9FB1-B45311D05052}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-10 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-10 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-06 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-11-09 243072]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2007-08-29 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Remote Helpdesk\remhelp.exe"="C:\Remote Helpdesk\remhelp.exe:*:Enabled:remhelp"
"C:\Remote Helpdesk\remhelpc.exe"="C:\Remote Helpdesk\remhelpc.exe:*:Enabled:remhelpc"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1129312077\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1129312077\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1129312077\EE\aim6.exe"="C:\Program Files\Common Files\AOL\1129312077\EE\aim6.exe:*:Enabled:AIM"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\setup\HPZnet01.exe"="E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\temp\HP_WebRelease\setup\HPZnet01.exe"="C:\temp\HP_WebRelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\temp\HP_WebRelease\setup\hponicifs01.exe"="C:\temp\HP_WebRelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\UltraVNC\vncviewer.exe"="C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\EXPLORER.EXE"="C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer"
"C:\WINDOWS\System32\logonui.exe"="C:\WINDOWS\System32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\System32\WINLOGON.EXE"="C:\WINDOWS\System32\WINLOGON.EXE:*:Enabled:winlogon"
"C:\WINDOWS\System32\taskmgr.exe"="C:\WINDOWS\System32\taskmgr.exe:*:Enabled:taskmgr"
"C:\Program Files\AVG\AVG8\AVGWDSVC.EXE"="C:\Program Files\AVG\AVG8\AVGWDSVC.EXE:*:Enabled:avgwdsvc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{440f230c-641c-11dd-9031-00166fa1df7f}]
shell\AutoRun\command - E:\.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfcde31c-e27f-11dc-8212-0014a41e6c18}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d069cf01-c72a-11da-86b1-0014a428fd60}]
shell\AutoRun\command - F:\SETUP.EXE


======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 3 months======

2009-01-08 17:32:37 ----D---- C:\WINDOWS\LastGood
2009-01-08 14:33:57 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-06 18:32:09 ----D---- C:\_OTMoveIt
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\java.exe
2009-01-06 18:16:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-06 00:15:04 ----A---- C:\WINDOWS\gmer.ini
2009-01-06 00:15:03 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-06 00:15:03 ----A---- C:\WINDOWS\gmer.exe
2009-01-06 00:15:03 ----A---- C:\WINDOWS\gmer.dll
2009-01-06 00:13:30 ----D---- C:\rsit
2009-01-05 23:34:02 ----D---- C:\Documents and Settings\rtinsky\Application Data\Malwarebytes
2009-01-05 23:33:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 23:33:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-02 23:10:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 22:56:47 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-02 21:38:48 ----SHD---- C:\FOUND.001
2008-12-23 17:03:21 ----D---- C:\Documents and Settings\rtinsky\Application Data\Cat's Eye Games
2008-12-23 17:02:37 ----D---- C:\Program Files\The Hidden Prophecies of Nostradamus
2008-12-23 15:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
2008-12-23 15:50:57 ----D---- C:\Program Files\Adventure Chronicles - The Search for Lost Treasure
2008-12-23 14:33:10 ----D---- C:\Documents and Settings\All Users\Application Data\PlayPond
2008-12-23 13:17:53 ----D---- C:\Documents and Settings\rtinsky\Application Data\Games
2008-12-20 22:24:47 ----D---- C:\Documents and Settings\rtinsky\Application Data\Pogo Games
2008-12-20 00:09:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 22:45:37 ----D---- C:\Program Files\Amazing_Finds
2008-12-19 21:29:05 ----D---- C:\Program Files\Nocturnal - Boston Nightfall
2008-12-19 18:47:29 ----D---- C:\Documents and Settings\rtinsky\Application Data\Shape games
2008-12-19 17:33:59 ----D---- C:\Program Files\Gourmania
2008-12-19 12:55:02 ----D---- C:\Documents and Settings\rtinsky\Application Data\Gold Casual Games
2008-12-19 12:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-12-19 07:41:07 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-18 23:42:58 ----SHD---- C:\FOUND.000
2008-12-18 17:44:58 ----D---- C:\Documents and Settings\rtinsky\Application Data\cerasus.media
2008-12-18 16:08:30 ----D---- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
2008-12-18 16:04:05 ----D---- C:\Program Files\Steve The Sheriff
2008-12-18 00:41:44 ----A---- C:\MsiZapU.exe
2008-12-17 23:25:45 ----D---- C:\Program Files\Trend Micro
2008-12-16 22:07:17 ----D---- C:\Documents and Settings\rtinsky\Application Data\Artogon
2008-12-16 22:05:03 ----D---- C:\Program Files\Treasure Seekers - Visions of Gold
2008-12-16 19:07:59 ----D---- C:\Documents and Settings\rtinsky\Application Data\Friday's games
2008-12-16 15:50:22 ----D---- C:\Program Files\Hidden Mysteries - Buckingham Palace
2008-12-16 02:20:55 ----HD---- C:\$AVG8.VAULT$
2008-12-15 21:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-12-12 23:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-12-10 14:22:15 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-10 14:21:59 ----D---- C:\Program Files\AVG
2008-12-10 10:48:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-11-28 21:52:30 ----D---- C:\Program Files\CCleaner
2008-11-24 12:25:34 ----D---- C:\Documents and Settings\rtinsky\Application Data\Creative
2008-11-24 12:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-11-24 12:09:28 ----HD---- C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2008-11-24 12:09:04 ----N---- C:\WINDOWS\Ctregrun.exe
2008-11-24 12:08:59 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-11-24 12:08:59 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-11-24 12:08:56 ----D---- C:\Program Files\Creative
2008-11-20 17:38:07 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-11-18 22:51:59 ----D---- C:\Documents and Settings\rtinsky\Application Data\Mushroom Age
2008-11-16 01:01:23 ----D---- C:\Program Files\Shockwave.com
2008-11-15 23:36:07 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2008-11-15 23:34:16 ----D---- C:\Program Files\IncrediMail
2008-11-15 23:34:16 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-11-15 23:07:07 ----D---- C:\Program Files\AWS
2008-11-15 23:07:07 ----D---- C:\Documents and Settings\rtinsky\Application Data\WeatherBug

======List of files/folders modified in the last 3 months======

2009-01-08 17:30:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 12:34:14 ----A---- C:\WINDOWS\win.ini
2008-11-15 16:15:26 ----A---- C:\YServer.txt
2008-11-15 15:53:20 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt
2008-11-15 15:47:12 ----A---- C:\ioSpecial.ini
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:07:00 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 08:11:10 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:54 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-10 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-10 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2007-04-16 114496]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-08-16 40576]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-10 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-06-16 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys []
S2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
S3 cc715239-7eee-4ef8-8bcd-14f3622033bf;cc715239-7eee-4ef8-8bcd-14f3622033bf; \??\E:\CDS300\cds300.dll []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 6016]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-06 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 int15.sys;int15.sys; \??\C:\Program Files\acer\eRecovery\int15.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\Tranzeo\TR-CPE\PCANDIS5.SYS []
S3 PortlUSB;PortlUSB; C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys []
S3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
S3 WLAN;802.11b Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\WLANNDS.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-10 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-10 231704]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-06 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-06 00:14:02

======Uninstall list======

-->"C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe" REMOVE=TRUE MODIFY=FALSE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Advanced IP Scanner v1.1-->C:\Program Files\Advanced IP Scanner\uninstal.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Creative Media Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative Software Update-->C:\Documents and Settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{5544807E-896D-4585-84FF-60763E5BC022}\setup\hpzscr01.exe" -datfile hposcr06.dat
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RW-NMS 1.1.18-->"C:\Program Files\RW-NMS\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Super Text Twist®-->C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SUPERT~1\INSTALL.LOG
UltraVNC 1.0.5-->"C:\Program Files\UltraVNC\unins001.exe"
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

=====HijackThis Backups=====

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\hirisaki.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\nosamoti.dll",a
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218075430953
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Azada/Images/armhelper.ocx
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\tugoheri.dll C:\WINDOWS\system32\zivohoji.dll c:\windows\system32\nosamoti.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\hirisaki.dll (file missing)
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s
O4 - HKLM\..\Run: [15691378] rundll32.exe "C:\WINDOWS\system32\turigopi.dll",b
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\kotihuya.dll",a
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [97656369134929523241678679581699] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s (User 'NETWORK SERVICE')
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O1 - Hosts: 208.122.87.142 www.shcc.k12.oh.us
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\nosamoti.dll C:\WINDOWS\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll (file missing)
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\ratebadi.dll c:\windows\system32\jenanibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\pebubolo.dll (file missing)
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s
O4 - HKUS\S-1-5-19\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\fohitoti.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - AppInit_DLLs: c:\windows\system32\jenanibi.dll,C:\WINDOWS\system32\ratebadi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: LAPTOP1
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AE1AD104-90BD-4162-82B2-6CAE5A2E1BFC} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 58684
Source Name: Tcpip
Time Written: 20081208153414.000000-300
Event Type: information
User:

Computer Name: LAPTOP1
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{AE1AD104-90BD-4162-82B2-6CAE5A2E1BFC} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 58683
Source Name: Tcpip
Time Written: 20081208151749.000000-300
Event Type: information
User:

Computer Name: LAPTOP1
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 58682
Source Name: SideBySide
Time Written: 20081208145420.000000-300
Event Type: error
User:

Computer Name: LAPTOP1
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 58681
Source Name: SideBySide
Time Written: 20081208145420.000000-300
Event Type: error
User:

Computer Name: LAPTOP1
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 58680
Source Name: SideBySide
Time Written: 20081208145420.000000-300
Event Type: error
User:

Application event log

Computer Name: LAPTOP1
Event Code: 11729
Message: Product: Microsoft Office Professional Edition 2003 -- Configuration failed.

Record Number: 9357
Source Name: MsiInstaller
Time Written: 20081128001452.000000-300
Event Type: information
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 1024
Message: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Publisher 2003 (KB894542): MSPUB' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Record Number: 9356
Source Name: MsiInstaller
Time Written: 20081128001452.000000-300
Event Type: error
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 11311
Message: Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB. Verify that the file exists and that you can access it.

Record Number: 9355
Source Name: MsiInstaller
Time Written: 20081128001452.000000-300
Event Type: error
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 11729
Message: Product: Microsoft Office Professional Edition 2003 -- Configuration failed.

Record Number: 9354
Source Name: MsiInstaller
Time Written: 20081128001445.000000-300
Event Type: information
User: LAPTOP1\rtinsky

Computer Name: LAPTOP1
Event Code: 1024
Message: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003: Junk E-mail Filter (KB957832): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Record Number: 9353
Source Name: MsiInstaller
Time Written: 20081128001445.000000-300
Event Type: error
User: LAPTOP1\rtinsky

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
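The HijackThis backup lines above show why removing the files by hand did not stick: the same SSODL/SharedTaskScheduler CLSID {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} is backed first by nosamoti.dll, then kotihuya.dll, then jenanibi.dll, and the same random-looking system32 DLLs are wired in through AppInit_DLLs and rundll32 Run keys at the same time. The script below is an added example (not code from this thread, BleepingComputer or any of the tools mentioned) that reads HijackThis-style lines and surfaces exactly those two patterns: a stable CLSID whose backing file keeps changing, and one DLL loaded through several persistence mechanisms. SAMPLE_LOG is a constructed subset of the lines posted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the HijackThis backup lines from this
# thread, reproduced here so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {8ca65119-aabe-495b-8821-e2c77ca74b7a} - C:\WINDOWS\system32\hirisaki.dll
O4 - HKLM\..\Run: [dahogusomi] Rundll32.exe "C:\WINDOWS\system32\getaviwi.dll",s
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\nosamoti.dll",a
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\tugoheri.dll C:\WINDOWS\system32\zivohoji.dll c:\windows\system32\nosamoti.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nosamoti.dll
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\kotihuya.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kotihuya.dll
O4 - HKLM\..\Run: [CPM165a20e4] Rundll32.exe "c:\windows\system32\jenanibi.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jenanibi.dll
"""

# "O4 - ", "O20 - ", "R1 - " ... : the HijackThis section code at the start of a line.
SECTION_RE = re.compile(r"^(O\d+|R\d+) - ")
# A registry CLSID such as {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL reference, with or without a drive-letter path (AppInit_DLLs lists bare names).
DLL_RE = re.compile(r'(?:[A-Za-z]:\\[^"\s,]*?)?\w+\.dll(?!\w)', re.IGNORECASE)

# Persistence mechanisms that load a DLL at logon without any visible process of their own.
MECHANISM = {
    "O20": "AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}


def parse_entries(text):
    """Parse HijackThis-style lines into dicts with the section code, the CLSID
    (upper-cased, or None) and the lower-cased basenames of every DLL mentioned."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(line)
        dlls = [p.lower().rsplit("\\", 1)[-1] for p in DLL_RE.findall(line)]
        entries.append({
            "section": m.group(1),
            "clsid": clsid.group(0).upper() if clsid else None,
            "dlls": dlls,
            "line": line,
        })
    return entries


def rotating_clsids(entries, min_names=2):
    """CLSIDs that are backed by two or more different DLL file names over the
    log history. Deleting the current DLL leaves the CLSID registration behind,
    so the next run simply re-creates it with a fresh random name; the
    registration, not the file, is what has to go."""
    names = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            names[e["clsid"]].update(e["dlls"])
    return {c: sorted(n) for c, n in names.items() if len(n) >= min_names}


def persistence_report(entries):
    """Map each DLL basename to the sorted list of mechanisms that load it.
    O4 Run entries count only when they go through rundll32, i.e. when a DLL
    is being launched as if it were a program."""
    report = defaultdict(set)
    for e in entries:
        sec = e["section"]
        if sec in MECHANISM:
            mech = MECHANISM[sec]
        elif sec == "O4" and "rundll32" in e["line"].lower():
            mech = "Run key (rundll32)"
        else:
            continue
        for dll in e["dlls"]:
            report[dll].add(mech)
    return {d: sorted(m) for d, m in report.items()}


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_LOG)
    for clsid, dlls in rotating_clsids(ents).items():
        print(f"{clsid} backed by {len(dlls)} different files: {', '.join(dlls)}")
    for dll, mechs in sorted(persistence_report(ents).items()):
        print(f"{dll:14} loaded via {', '.join(mechs)}")
```

On the sample above the report shows nosamoti.dll loaded through all four mechanisms and the one CLSID cycling through three file names, which is the picture a helper reading such a log looks for before choosing a tool that removes the registry registrations together with the files, rather than deleting files from the startup list one at a time.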

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 09 January 2009 - 08:02 AM

Let's do this instead...


Please download AVPTool by Kaspersky and save it to your desktop.
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double click the setup file to run and install it.
  • By default it will install to your Desktop (as Kaspersky Lab Tool folder)
  • A Kaspersky Virus Removal Tool window will open. There will be a tab that says Automatic Scan.
  • Under Automatic Scan make sure these are checked.
    • [1.] System Memory
    • [2.] Startup Objects
    • [3.] Disk Boot Sectors
    • [4.] My Computer
    • [5.] Also any other drives (Removable that you may have)
  • After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
  • Then choose OK again then you are back to the main screen.
  • Then click on Scan button.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done click on the Report button at the bottom and save it to file name as Kas.
  • Save it somewhere convenient like your Desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
  • When you close the AVPTool, you will be asked to uninstall the program.. Choose Yes..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:59 AM

Posted 16 January 2009 - 04:16 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





