Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with sagispul (I believe)


  • This topic is locked This topic is locked
9 replies to this topic

#1 pavendan

pavendan

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 03 January 2009 - 10:17 PM

All of the sudden screen started to pop up. Every time I open the Privacy tab in Internet Options the setting has been changed to Accept All Cookies


DDS (Version 1.1.0) - NTFSx86
Run by Patricio Avendano at 21:03:58.26 on Sat 01/03/2009
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uWindow Title = Microsoft Internet Explorer presented by Comcast
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer presented by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {B3C87E36-26F3-42BF-8DD8-B56FA0C0F1DC} - No File
BHO: {e19ad931-6940-4031-bc23-171903bd5be9} - c:\windows\system32\fcccaaBq.dll
BHO: {E5EF1800-0E1D-476E-B379-4A1D66A9722F} - No File
BHO: {341ee992-619b-17ea-7324-d8c483d9036f}: {f6309d38-4c8d-4237-ae71-b916299ee143} - c:\windows\system32\vfrcos.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [64f0e3e9] rundll32.exe "c:\windows\system32\lxusmfqt.dll",b
IE: &Search - ?p=ZUxdm080YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\rodrigo avendano\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: mlJDwUOi - mlJDwUOi.dll
AppInit_DLLs: grcrpt.dll,sigvsj.dll,dfvivc.dll,avgrsstx.dll vfrcos.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fcccaaBq

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-03 20:37 202,399,744 a------- C:\Backup.bkf
2009-01-02 18:11 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-02 18:04 132,608 a------- c:\windows\system32\vfrcos.dll
2009-01-02 18:04 132,608 a------- c:\windows\system32\riiovrmb.dll
2009-01-02 18:01 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-02 18:01 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-02 18:01 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-02 18:01 <DIR> --d----- c:\docume~1\patric~1\applic~1\AVGTOOLBAR
2009-01-02 18:01 120 ---sh--- c:\windows\system32\tqfmsuxl.ini
2009-01-02 18:01 90,112 a------- c:\windows\system32\lxusmfqt.dll
2009-01-02 18:01 <DIR> --d----- c:\program files\AVG
2009-01-02 18:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-02 17:30 675,602 a--sh--- c:\windows\system32\qBaacccf.ini2
2009-01-01 18:04 120 ---sh--- c:\windows\system32\oiijygbh.ini
2009-01-01 18:04 90,112 a------- c:\windows\system32\hbgyjiio.dll
2009-01-01 17:58 132,608 a------- c:\windows\system32\dfvivc.dll
2009-01-01 17:58 132,608 a------- c:\windows\system32\amysnhih.dll
2008-12-31 19:53 130,560 a------- c:\windows\system32\sigvsj.dll
2008-12-31 19:53 130,560 a------- c:\windows\system32\jtfsxijh.dll
2008-12-31 19:47 120 ---sh--- c:\windows\system32\edjlbwsi.ini
2008-12-31 19:47 675,602 a--sh--- c:\windows\system32\qBaacccf.ini
2008-12-31 01:03 120 ---sh--- c:\windows\system32\equvamiy.ini
2008-12-31 01:02 89,600 a------- c:\windows\system32\yimavuqe.dll
2008-12-31 00:57 130,560 a------- c:\windows\system32\grcrpt.dll
2008-12-31 00:56 130,560 a------- c:\windows\system32\oibyjwgx.dll
2008-12-30 20:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-30 20:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-30 20:08 <DIR> --d----- c:\program files\Lavasoft
2008-12-30 01:02 89,088 a------- c:\windows\system32\ejxvphkt.dll
2008-12-30 00:56 126,976 a------- c:\windows\system32\yojgrw.dll
2008-12-30 00:56 126,976 a------- c:\windows\system32\fjcxystm.dll
2008-12-26 11:26 1,299,082 a--sh--- c:\windows\system32\ympmdyhq.ini
2008-12-25 11:31 0 a------- c:\windows\system32\mcrh.tmp
2008-12-23 23:49 136,192 a------- c:\windows\system32\onxqmc.dll
2008-12-23 23:49 136,192 a------- c:\windows\system32\tqlnfprs.dll

==================== Find3M ====================

2008-12-12 11:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 19:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 19:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 19:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2007-01-07 11:39 774,144 a------- c:\program files\RngInterstitial.dll
2000-12-12 10:17 100,432 -------- c:\program files\Win2000PPAHotfix.exe
2006-04-18 15:00 667,412 a--sh--- c:\windows\system32\nqtss.ini2

============= FINISH: 21:06:06.20 ===============



==== Installed Programs ======================

3D Groove Playback Engine
Add-ons
Adobe Acrobat 6.0.1 Professional
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Advanced Tetric v5.1
Annotations
Annotations Help
AnswerWorks 4.0 Runtime - English
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Backyardigans Mission to Mars
Banctec Service Agreement
Block Diagrams
Block Diagrams Help
Borders and Backgrounds
Borders and Backgrounds Help
Broadcom Management Programs
Building Architecture
Building Architecture Help
Building Services
Building Services Help
CAD Drawing Converter
CAD Drawing Converter Help
CAD Drawing Display
Callouts and Connectors
Callouts and Connectors Help
Camp Funshine: Carrie the Caregiver 3
Clip Art and Symbols
Clip Art and Symbols Help
Comcast High-Speed Internet Install Wizard
Comcast Toolbar
Conexant D850 56K V.9x DFVc Modem
Curious George ABCs
Custom Patterns
Custom Properties Editor
Database Wizard
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Support 5.0.0 (766)
Developing Visio Solutions Help
Disney's Winnie the Pooh Kindergarten
ebgcInfra
ebgcRes
ebgcSDK
Electrical Engineering
Electrical Engineering Help
Equipment Selector
Equipment Selector Furniture Database
Equipment Selector Help
Facilities Management
Facilities Management Help
Flowcharts
Flowcharts Help
Fluid Power
Fluid Power Help
Forms and Charts
Forms and Charts Help
Foundation technical
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Graphics Filters
Help and Support Customization
Help for Visio 2000 (HTML Help)
Help_Technical
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics Driver
Internet Explorer Default Page
Iomega App Services
ItsDeductible Express
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
JumpStart Kindergarten v2.4b
Lexmark 5200 Series
Lexmark Fax Solutions
Lexmark Printer Software Uninstall
Maps
Maps Help
Mechanical Engineering
Mechanical Engineering Help
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office Standard Edition 2003
Microsoft Repository
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2000
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Service Pack 3
NetWaiting
Network Diagrams
Network Diagrams Help
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Office Layout
Office Layout Help
Organization Charts
Organization Charts Help
Page Layout Wizard
Process Engineering
Process Engineering Help
Professor Teaches Windows XP Home Edition
Program Files
Program Files Help
Program Files Technical
Project Schedules
Project Schedules Help
Property Reporting Wizard
QuickTime
Reader Rabbit 2nd Grade
RealPlayer
Release Notes Technical
Rhapsody Player Engine
Save as HTML
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Shape Explorer Help
Solutions
Sonic RecordNow!
Sonic Update Manager
SpongeBob Diner Dash 2
Spybot - Search & Destroy
Symantec Technical Support Web Controls
The Game of Life - SpongeBob SquarePants Edition
The Sims Carnival SnapCity
Thomas & Friends - The Great Festival Adventure
TurboTax Basic 2004
TurboTax Basic 2005
TurboTax Basic 2006
TurboTax Deluxe 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VBA
VideoLAN VLC media player 0.8.4a
Visio
Visio Core Files
Visio Technical Core Files
WebFldrs XP
WexTech AnswerWorks
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Live Mail
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WordPerfect Office 12

==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 05 January 2009 - 02:50 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 pavendan

pavendan
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 05 January 2009 - 11:10 PM

fenzodahl512,

Attached are the logs requested. Thanks for your help!

Malwarebytes'
Malwarebytes' Anti-Malware 1.32
Database version: 1621
Windows 5.1.2600 Service Pack 3

1/5/2009 9:06:44 PM
mbam-log-2009-01-05 (21-06-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 196078
Time elapsed: 1 hour(s), 55 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 20
Files Infected: 156

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\dfvivc.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6309d38-4c8d-4237-ae71-b916299ee143} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6309d38-4c8d-4237-ae71-b916299ee143} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77e3ba96-04ca-4327-8a9d-fcefc4e32361} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64f0e3e9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\vfrcos.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dfvivc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Rodrigo Avendano\Local Settings\Temp\xrun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fjcxystm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yojgrw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ejxvphkt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\Thumbs.db (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rodrigo Avendano\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\Thumbs.db (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricio Avendano\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\Thumbs.db (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Leon\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\card.bmp64084109 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\Thumbs.db (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicole Avendano\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\Thumbs.db (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

RSIT log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by Patricio Avendano at 2009-01-05 21:16:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (43%) free of 73 GB
Total RAM: 510 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:47 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\Patricio Avendano\Desktop\RSIT.exe
C:\Program Files\trend micro\Patricio Avendano.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {B3C87E36-26F3-42BF-8DD8-B56FA0C0F1DC} - (no file)
O2 - BHO: (no name) - {E19AD931-6940-4031-BC23-171903BD5BE9} - C:\WINDOWS\system32\fcccaaBq.dll (file missing)
O2 - BHO: (no name) - {E5EF1800-0E1D-476E-B379-4A1D66A9722F} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rodrigo Avendano\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: grcrpt.dll,sigvsj.dll,dfvivc.dll,avgrsstx.dll vfrcos.dll
O20 - Winlogon Notify: mlJDwUOi - mlJDwUOi.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7379 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton Security Scan for Patricio Avendano.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-02 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-23 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3C87E36-26F3-42BF-8DD8-B56FA0C0F1DC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E19AD931-6940-4031-BC23-171903BD5BE9}]
C:\WINDOWS\system32\fcccaaBq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5EF1800-0E1D-476E-B379-4A1D66A9722F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL [2006-11-07 1821184]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-02 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll []
""= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-02 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-13 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="grcrpt.dll,sigvsj.dll,dfvivc.dll,avgrsstx.dll vfrcos.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJDwUOi]
mlJDwUOi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fcccaaBq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3b64c02-3c9d-11dc-bc04-00038a000015}]
shell\AutoRun\command - E:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - E:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b714276e-d45a-11dc-bc39-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b82b8f-68ec-11d9-b962-00038a000015}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df4a2836-4776-11db-bba7-00038a000015}]
shell\AutoRun\command - setupSNK.exe


======List of files/folders created in the last 3 months======

2009-01-05 21:16:46 ----D---- C:\Program Files\trend micro
2009-01-05 21:16:45 ----D---- C:\rsit
2009-01-05 19:04:27 ----D---- C:\Documents and Settings\Patricio Avendano\Application Data\Malwarebytes
2009-01-05 19:04:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 19:04:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-02 18:11:01 ----HD---- C:\$AVG8.VAULT$
2009-01-02 18:01:47 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-02 18:01:28 ----D---- C:\Documents and Settings\Patricio Avendano\Application Data\AVGTOOLBAR
2009-01-02 18:01:23 ----SH---- C:\WINDOWS\system32\tqfmsuxl.ini
2009-01-02 18:01:09 ----D---- C:\Program Files\AVG
2009-01-02 18:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-02 17:30:35 ----ASH---- C:\WINDOWS\system32\qBaacccf.ini2
2009-01-01 18:04:08 ----SH---- C:\WINDOWS\system32\oiijygbh.ini
2008-12-31 19:47:34 ----SH---- C:\WINDOWS\system32\edjlbwsi.ini
2008-12-31 19:47:27 ----ASH---- C:\WINDOWS\system32\qBaacccf.ini
2008-12-31 01:03:06 ----SH---- C:\WINDOWS\system32\equvamiy.ini
2008-12-30 20:46:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-30 20:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 20:08:59 ----D---- C:\Program Files\Lavasoft
2008-12-30 20:08:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-26 17:54:38 ----SHD---- C:\Config.Msi
2008-12-26 11:26:38 ----ASH---- C:\WINDOWS\system32\ympmdyhq.ini
2008-12-22 23:41:25 ----A---- C:\WINDOWS\system32\6fd32797-.txt
2008-12-19 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-11 03:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-27 12:45:15 ----D---- C:\Program Files\Nick Arcade
2008-11-27 08:05:04 ----D---- C:\Program Files\Disney Interactive
2008-11-12 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 02:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 02:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-08 17:05:44 ----A---- C:\WINDOWS\cgabc.ini
2008-10-08 17:05:31 ----D---- C:\CGABC

======List of files/folders modified in the last 3 months======

2009-01-05 21:16:46 ----RD---- C:\Program Files
2009-01-05 21:12:00 ----D---- C:\WINDOWS\Temp
2009-01-05 21:11:56 ----AD---- C:\WINDOWS
2009-01-05 21:10:29 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-01-05 21:09:42 ----AD---- C:\WINDOWS\SYSTEM32
2009-01-05 21:09:41 ----AD---- C:\WINDOWS\system32\DRIVERS
2009-01-05 21:09:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 19:04:27 ----D---- C:\WINDOWS\Prefetch
2009-01-05 18:53:59 ----D---- C:\WINDOWS\system32\NtmsData
2009-01-05 17:49:01 ----D---- C:\WINDOWS\Registration
2009-01-05 17:35:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-04 19:11:56 ----D---- C:\WINDOWS\network diagnostic
2009-01-04 05:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-03 20:43:47 ----SHD---- C:\System Volume Information
2009-01-03 20:37:44 ----HD---- C:\WINDOWS\INF
2009-01-03 20:37:38 ----AD---- C:\WINDOWS\REPAIR
2009-01-03 20:28:47 ----SHD---- C:\WINDOWS\Installer
2009-01-02 21:48:29 ----D---- C:\WINDOWS\system32\Restore
2009-01-02 21:47:42 ----SD---- C:\WINDOWS\Tasks
2009-01-02 20:49:41 ----SD---- C:\Documents and Settings\Patricio Avendano\Application Data\Microsoft
2009-01-02 20:20:03 ----D---- C:\Program Files\Lx_cats
2009-01-02 18:01:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-02 18:01:02 ----D---- C:\WINDOWS\WinSxS
2009-01-02 17:58:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-01-02 17:58:23 ----D---- C:\Program Files\Common Files
2008-12-30 21:37:57 ----A---- C:\WINDOWS\wininit.ini
2008-12-29 18:13:43 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-29 18:07:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-28 10:12:17 ----D---- C:\Program Files\Yahoo! Games
2008-12-28 10:11:52 ----D---- C:\Documents and Settings\Patricio Avendano\Application Data\Viewpoint
2008-12-27 22:24:18 ----D---- C:\Program Files\Norton Security Scan
2008-12-27 22:11:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-27 22:08:41 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-27 09:24:56 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-27 09:09:50 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-26 17:54:27 ----D---- C:\Program Files\iPod
2008-12-24 13:03:16 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-12-24 13:03:10 ----D---- C:\Program Files\Internet Explorer
2008-12-24 12:15:14 ----D---- C:\Program Files\GlobalStar Software
2008-12-24 12:13:44 ----D---- C:\Program Files\iWin.com
2008-12-24 12:09:57 ----D---- C:\Program Files\Chill
2008-12-24 12:09:17 ----D---- C:\Program Files\AOL Games
2008-12-23 21:43:05 ----D---- C:\Program Files\Camp Funshine - Carrie the Caregiver 3
2008-12-20 15:29:48 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-20 15:01:15 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-12-19 03:00:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 21:33:36 ----D---- C:\WINDOWS\system32\WBEM
2008-12-11 21:33:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 03:10:07 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 03:08:19 ----A---- C:\WINDOWS\WIN.INI
2008-12-10 17:00:28 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 18:56:44 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-06 18:50:59 ----D---- C:\Program Files\Shockwave.com
2008-12-02 13:04:45 ----D---- C:\WINDOWS\Help
2008-11-28 18:49:58 ----A---- C:\WINDOWS\hegames.ini
2008-11-28 18:13:25 ----D---- C:\hegames
2008-11-27 08:05:15 ----RSD---- C:\WINDOWS\Fonts
2008-11-20 17:13:47 ----D---- C:\WINDOWS\Minidump
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 19:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-02 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-02 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USB_RNDIS;D-Link DCM-202 Broadband Cable Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2004-04-21 1434848]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-02 231704]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-23 168432]
R2 Iomega Activity Disk2;Iomega Activity Disk2; C:\PROGRA~1\Iomega\System32\ActivityDisk.exe [2001-09-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 lxbt_device;lxbt_device; C:\WINDOWS\System32\lxbtcoms.exe [2004-02-20 421888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]

-----------------EOF-----------------


RSIT info.txt
info.txt logfile of random's system information tool 1.05 2009-01-05 21:18:52

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\Install.log
Advanced Tetric v5.1-->"C:\Program Files\MyPlayCity.com\Advanced Tetric\unins000.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Backyardigans Mission to Mars-->"C:\Program Files\Activision Value\Backyardigans Mission to Mars\unins000.exe"
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Camp Funshine: Carrie the Caregiver 3-->"C:\Program Files\Camp Funshine - Carrie the Caregiver 3\Uninstall.exe"
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Curious George ABCs-->C:\WINDOWS\uninst.exe -fC:\CGABC\DeIsL1.isu
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support 5.0.0 (766)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcSDK-->MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Iomega App Services-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log
ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
JumpStart Kindergarten v2.4b-->C:\WINDOWS\uninst.exe -fC:\KA\KG\DeIsL1.isu
Lexmark 5200 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBTUNST.EXE -NOLICENSE
Lexmark Fax Solutions-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{764C0C8F-B1B1-49BF-AEDC-4E48E857A667} /l1033 /z/U
Lexmark Printer Software Uninstall-->C:\Program Files\Lexmark\Install\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
Professor Teaches Windows XP Home Edition-->C:\Documents and Settings\All Users\Application Data\Individual Software\Professor Teaches Windows XP Home Edition\UNINSTALL.EXE C:\PROGRA~1\INDIVI~1\PROFES~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Reader Rabbit 2nd Grade-->C:\Program Files\The Learning Company\Reader Rabbit 2nd Grade\uninstal.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpongeBob Diner Dash 2-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\SPONGE~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\SPONGE~1\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
The Game of Life - SpongeBob SquarePants Edition-->C:\PROGRA~1\NICKAR~1\THEGAM~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\THEGAM~1\INSTALL.LOG
The Sims Carnival SnapCity-->"C:\Program Files\Chill\The Sims Carnival SnapCity\Uninstall.exe" "C:\Program Files\Chill\The Sims Carnival SnapCity\install.log"
Thomas & Friends - The Great Festival Adventure-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\The Great Festival Adventure\Uninst.isu"
TurboTax Basic 2004-->C:\Program Files\TurboTax\Basic 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2004\Uninstall.log" -NoGui
TurboTax Basic 2005-->C:\Program Files\TurboTax\Basic 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2005\Uninstall.log" -NoGui
TurboTax Basic 2006-->C:\Program Files\TurboTax\Basic 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2006\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: D8STHK51
Event Code: 7036
Message: The Background Intelligent Transfer Service service entered the running state.

Record Number: 53978
Source Name: Service Control Manager
Time Written: 20080927111158.000000-300
Event Type: information
User:

Computer Name: D8STHK51
Event Code: 7035
Message: The Background Intelligent Transfer Service service was successfully sent a start control.

Record Number: 53977
Source Name: Service Control Manager
Time Written: 20080927111156.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: D8STHK51
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 53976
Source Name: W32Time
Time Written: 20080927100615.000000-300
Event Type: warning
User:

Computer Name: D8STHK51
Event Code: 7035
Message: The McAfee Inc. mferkdk service was successfully sent a start control.

Record Number: 53975
Source Name: Service Control Manager
Time Written: 20080926215804.000000-300
Event Type: information
User: D8STHK51\Patricio Avendano

Computer Name: D8STHK51
Event Code: 7036
Message: The McAfee Scanner service entered the running state.

Record Number: 53974
Source Name: Service Control Manager
Time Written: 20080926215713.000000-300
Event Type: information
User:

Application event log

Computer Name: D8STHK51
Event Code: 701
Message: msnmsgr (2836) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Patricia Leon\Local Settings\Application Data\Microsoft\Messenger\pattyleon14@hotmail.com\SharingMetadata\Working\database_9C64_F105_64F0_E346\dfsr.db'.

Record Number: 731
Source Name: ESENT
Time Written: 20081028210007.000000-300
Event Type: information
User:

Computer Name: D8STHK51
Event Code: 700
Message: msnmsgr (2836) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Patricia Leon\Local Settings\Application Data\Microsoft\Messenger\pattyleon14@hotmail.com\SharingMetadata\Working\database_9C64_F105_64F0_E346\dfsr.db'.

Record Number: 730
Source Name: ESENT
Time Written: 20081028210007.000000-300
Event Type: information
User:

Computer Name: D8STHK51
Event Code: 701
Message: msnmsgr (2836) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Patricia Leon\Local Settings\Application Data\Microsoft\Messenger\pattyleon14@hotmail.com\SharingMetadata\Working\database_9C64_F105_64F0_E346\dfsr.db'.

Record Number: 729
Source Name: ESENT
Time Written: 20081028200007.000000-300
Event Type: information
User:

Computer Name: D8STHK51
Event Code: 700
Message: msnmsgr (2836) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Patricia Leon\Local Settings\Application Data\Microsoft\Messenger\pattyleon14@hotmail.com\SharingMetadata\Working\database_9C64_F105_64F0_E346\dfsr.db'.

Record Number: 728
Source Name: ESENT
Time Written: 20081028200007.000000-300
Event Type: information
User:

Computer Name: D8STHK51
Event Code: 701
Message: msnmsgr (2836) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Patricia Leon\Local Settings\Application Data\Microsoft\Messenger\pattyleon14@hotmail.com\SharingMetadata\Working\database_9C64_F105_64F0_E346\dfsr.db'.

Record Number: 727
Source Name: ESENT
Time Written: 20081028190007.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------


GMER result
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-05 21:55:20
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

? ghbb.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\Ole1Class@ MPlayer
Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\ProgID@ MPlayer
Reg HKLM\SOFTWARE\Classes\CLSID\{005AA08E-F378-CDEA-4494-80FA2A9BE74E}\TreatAs@ {00022601-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{AFF5BF3E-DA3B-193D-3650-FED7112135DC}\Verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{AFF5BF3E-DA3B-193D-3650-FED7112135DC}\Verb\0@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{AFF5BF3E-DA3B-193D-3650-FED7112135DC}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{AFF5BF3E-DA3B-193D-3650-FED7112135DC}\Verb\1@ &Open,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{FD41D149-A388-0587-6F3A-AB80C8365A87}\InProcServer32@ mmsys.cpl
Reg HKLM\SOFTWARE\Classes\CLSID\{FD41D149-A388-0587-6F3A-AB80C8365A87}\InProcServer32@ThreadingModel Apartment

---- EOF - GMER 1.0.14 ----

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 06 January 2009 - 01:39 AM

IMPORTANT!! Uninstall these programs before proceed with our fixes..

1. Spybot S&D




NEXT


Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\fcccaaBq.dll
    C:\WINDOWS\system32\tqfmsuxl.ini
    C:\WINDOWS\system32\qBaacccf.ini2
    C:\WINDOWS\system32\oiijygbh.ini
    C:\WINDOWS\system32\edjlbwsi.ini
    C:\WINDOWS\system32\qBaacccf.ini
    C:\WINDOWS\system32\equvamiy.ini
    C:\WINDOWS\system32\ympmdyhq.ini
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3C87E36-26F3-42BF-8DD8-B56FA0C0F1DC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E19AD931-6940-4031-BC23-171903BD5BE9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5EF1800-0E1D-476E-B379-4A1D66A9722F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{BA52B914-B692-46c4-B683-905236F6F655}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJDwUOi]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 pavendan

pavendan
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 06 January 2009 - 08:28 PM

Attached are the logs requested

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\fcccaaBq.dll not found.
C:\WINDOWS\system32\tqfmsuxl.ini moved successfully.
C:\WINDOWS\system32\qBaacccf.ini2 moved successfully.
C:\WINDOWS\system32\oiijygbh.ini moved successfully.
C:\WINDOWS\system32\edjlbwsi.ini moved successfully.
C:\WINDOWS\system32\qBaacccf.ini moved successfully.
C:\WINDOWS\system32\equvamiy.ini moved successfully.
C:\WINDOWS\system32\ympmdyhq.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3C87E36-26F3-42BF-8DD8-B56FA0C0F1DC}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E19AD931-6940-4031-BC23-171903BD5BE9}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5EF1800-0E1D-476E-B379-4A1D66A9722F}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJDwUOi\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_128.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_191543

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_128.dat not found!


Logfile of random's system information tool 1.05 (written by random/random)
Run by Patricio Avendano at 2009-01-06 19:24:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (43%) free of 73 GB
Total RAM: 510 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:42 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patricio Avendano\Desktop\RSIT.exe
C:\Program Files\trend micro\Patricio Avendano.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

presented by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -

C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat

6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} -

C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -

C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LXBTCATS] rundll32

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online

9.0\aoltray.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file

missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/

(file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/

(file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and

Settings\Rodrigo Avendano\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation -

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec

Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. -

C:\WINDOWS\wanmpsvc.exe

--
End of file - 7036 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton Security Scan for Patricio Avendano.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-02 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

[2008-10-23 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06

73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat

6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll

[2007-01-19 2403392]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL

[2006-11-07 1821184]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[2009-01-02 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll []
""= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-02 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-06 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-13 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardp

rofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpro

file\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3b64c02-3c9d-11dc

-bc04-00038a000015}]
shell\AutoRun\command - E:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - E:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b714276e-d45a-11dc

-bc39-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b82b8f-68ec-11d9

-b962-00038a000015}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df4a2836-4776-11db

-bba7-00038a000015}]
shell\AutoRun\command - setupSNK.exe


======List of files/folders created in the last 1 months======

2009-01-06 19:15:43 ----D---- C:\_OTMoveIt
2009-01-06 16:56:52 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-06 16:56:52 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-06 16:56:52 ----A---- C:\WINDOWS\system32\java.exe
2009-01-06 16:56:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-05 21:24:20 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 21:24:18 ----RA---- C:\WINDOWS\gmer.exe
2009-01-05 21:24:18 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 21:24:18 ----A---- C:\WINDOWS\gmer.dll
2009-01-05 21:16:46 ----D---- C:\Program Files\trend micro
2009-01-05 21:16:45 ----D---- C:\rsit
2009-01-05 19:04:27 ----D---- C:\Documents and Settings\Patricio Avendano\Application

Data\Malwarebytes
2009-01-05 19:04:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 19:04:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-02 18:11:01 ----HD---- C:\$AVG8.VAULT$
2009-01-02 18:01:47 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-02 18:01:28 ----D---- C:\Documents and Settings\Patricio Avendano\Application Data\AVGTOOLBAR
2009-01-02 18:01:09 ----D---- C:\Program Files\AVG
2009-01-02 18:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-30 20:46:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-30 20:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search &

Destroy
2008-12-30 20:08:59 ----D---- C:\Program Files\Lavasoft
2008-12-30 20:08:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-26 17:54:38 ----SHD---- C:\Config.Msi
2008-12-22 23:41:25 ----A---- C:\WINDOWS\system32\6fd32797-.txt
2008-12-19 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-11 03:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-06 19:19:34 ----AD---- C:\WINDOWS
2009-01-06 19:19:32 ----D---- C:\WINDOWS\Temp
2009-01-06 19:18:09 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-01-06 19:17:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 19:15:43 ----AD---- C:\WINDOWS\SYSTEM32
2009-01-06 19:09:31 ----D---- C:\WINDOWS\network diagnostic
2009-01-06 16:58:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-06 16:56:34 ----SHD---- C:\WINDOWS\Installer
2009-01-06 16:56:32 ----D---- C:\Program Files\Java
2009-01-06 16:54:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 21:28:50 ----D---- C:\WINDOWS\Prefetch
2009-01-05 21:24:18 ----AD---- C:\WINDOWS\system32\DRIVERS
2009-01-05 21:16:46 ----RD---- C:\Program Files
2009-01-05 18:54:53 ----D---- C:\WINDOWS\system32\NtmsData
2009-01-05 17:49:01 ----D---- C:\WINDOWS\Registration
2009-01-04 05:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-03 20:43:47 ----SHD---- C:\System Volume Information
2009-01-03 20:37:44 ----HD---- C:\WINDOWS\INF
2009-01-03 20:37:38 ----AD---- C:\WINDOWS\REPAIR
2009-01-02 21:48:29 ----D---- C:\WINDOWS\system32\Restore
2009-01-02 21:47:42 ----SD---- C:\WINDOWS\Tasks
2009-01-02 20:49:41 ----SD---- C:\Documents and Settings\Patricio Avendano\Application Data\Microsoft
2009-01-02 20:20:03 ----D---- C:\Program Files\Lx_cats
2009-01-02 18:01:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-02 18:01:02 ----D---- C:\WINDOWS\WinSxS
2009-01-02 17:58:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-01-02 17:58:23 ----D---- C:\Program Files\Common Files
2008-12-30 21:37:57 ----A---- C:\WINDOWS\wininit.ini
2008-12-29 18:13:43 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-28 10:12:17 ----D---- C:\Program Files\Yahoo! Games
2008-12-28 10:11:52 ----D---- C:\Documents and Settings\Patricio Avendano\Application Data\Viewpoint
2008-12-27 22:24:18 ----D---- C:\Program Files\Norton Security Scan
2008-12-27 22:11:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-27 22:08:41 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-27 09:24:56 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-27 09:09:50 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-26 17:54:27 ----D---- C:\Program Files\iPod
2008-12-24 13:03:16 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-12-24 13:03:10 ----D---- C:\Program Files\Internet Explorer
2008-12-24 12:15:14 ----D---- C:\Program Files\GlobalStar Software
2008-12-24 12:13:44 ----D---- C:\Program Files\iWin.com
2008-12-24 12:09:57 ----D---- C:\Program Files\Chill
2008-12-24 12:09:17 ----D---- C:\Program Files\AOL Games
2008-12-23 21:43:05 ----D---- C:\Program Files\Camp Funshine - Carrie the Caregiver 3
2008-12-20 15:29:48 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-20 15:01:15 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-12-19 03:00:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 21:33:36 ----D---- C:\WINDOWS\system32\WBEM
2008-12-11 21:33:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 03:10:07 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 03:08:19 ----A---- C:\WINDOWS\WIN.INI
2008-12-10 17:00:28 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-02

97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys

[2009-01-02 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;

C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17

16128]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;

C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;

C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys

[2001-08-17 66591]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USB_RNDIS;D-Link DCM-202 Broadband Cable Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13

12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13

32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2004-04-21 1434848]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-02 231704]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe [2008-10-23 168432]
R2 Iomega Activity Disk2;Iomega Activity Disk2; C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

[2001-09-17 61440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-06

152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

[2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

[2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 lxbt_device;lxbt_device; C:\WINDOWS\System32\lxbtcoms.exe [2004-02-20 421888]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

[2003-07-28 89136]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support

Controls\ssrc.exe [2008-01-29 394704]

-----------------EOF-----------------

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 07 January 2009 - 03:11 AM

Looks good.. How's the computer now?.. Lets do an online scan to make sure we get all of them..


Please open Notepad >> Go to Format tab >> untick Word Wrap

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 pavendan

pavendan
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 07 January 2009 - 09:35 PM

Hi,
The computer is doing much better! No more pop up screens!

Attached is the log you requested

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3749 (20090107)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=c2986a3634c5714dab07a602c9bf546b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-08 02:28:55
# local_time=2009-01-07 08:28:55 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=374138
# found=2
# scan_time=5880
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent36.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent66.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 08 January 2009 - 02:06 AM

Awesome!.. Lets do some cleanup...

Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 pavendan

pavendan
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 08 January 2009 - 06:38 PM

fenzodahl512,
The computer is running great!
Was the computer infected or what? I am sorry, I just know how to use them!

Once again, Thanks for your help!

Patricio

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 09 January 2009 - 09:39 AM

Yup, it was infected with Vundo Trojan..

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-open, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users