Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possibly infected with Virtumonde or Trojan Horse Generic12?


  • This topic is locked This topic is locked
12 replies to this topic

#1 Controlled Chaos

Controlled Chaos

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 14 January 2009 - 10:49 PM

Hi there,

I've recently been stymied by an array of pop up windows in Firefox that I can't seem to get to go away. I have AVG installed, and upon scanning the software has detected various security threats & malware starting initially with files infected with Virtumonde. After supposively healing these infected files and restarting the computer, a second scan detected a variety of files infected with "Trojan Horse Generic12.AOVI". I sat down this evening to dig a little deeper into the issues when I began getting an Antivirus 2009 pop up screen that hijacks the browser. Occassionaly it attempts to hijack Internet Explorer as well, popping up the program even though I never use it. So needless to say, I'm stumped and quickly losing control of my system. I'm not the only one who uses this computer, so I'm unsure as to how this began. The computer is running quite slowly now as well. If any further info is needed to help solve this issue, just let me know and I'll get whatever is needed. Any help would be greatly appreciated!

Many thanks,
Larry


DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 22:20:18.79 on Wed 01/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.210 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\Program Files\Microsoft Money\System\misuser.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {52bb9c3f-cb45-4f57-9655-ecbbc7f2036c} - c:\windows\system32\yaywvVmL.dll
BHO: {8a3a9c2b-3b88-a658-9fc4-d110471b1e65}: {56e1b174-011d-4cf9-856a-88b3b2c9a3a8} - c:\windows\system32\sypxig.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {87e7c41f-6ad6-42fe-94c0-f1040cbf08ae} - c:\windows\system32\futofeto.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"
mRun: [lxdwamon] "c:\program files\lexmark 7600 series\lxdwamon.exe"
mRun: [Lexmark 7600 Series Fax Server] "c:\program files\lexmark 7600 series\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DT LGE] c:\program files\portrait displays\fortemanager\DTHtml.exe -startup_folder
mRun: [domefawume] Rundll32.exe "c:\windows\system32\tabayate.dll",s
mRun: [44a77496] rundll32.exe "c:\windows\system32\wuwijaba.dll",b
mRun: [CPM4794470a] Rundll32.exe "c:\windows\system32\yubihimo.dll",a
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: ddcCTMfd - ddcCTMfd.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll c:\windows\system32\dozoduko.dll sypxig.dll c:\windows\system32\yubihimo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yubihimo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\yubihimo.dll
SEH: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yaywvVmL
LSA: Notification Packages = scecli c:\windows\system32\dozoduko.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ibi0vb6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://digg.com/|http://www.deviantart.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\activexFF10.js - pref("capability.policy.default.ClassID.CID4E7FF8BB-0A5A-4AA3-B764-B39BA9A13E38", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF10.js - pref("capability.policy.default.ClassID.CIDB24F189F-FB14-4EFD-8B9D-217EC6C84EA1", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF10.js - pref("capability.policy.default.ClassID.CID86ED3659-02F6-465D-8F19-A9334614CCC3", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF10.js - pref("capability.policy.default.ClassID.CID5D7F48C0-CB49-4ea6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF10.js - pref("capability.policy.default.ClassID.CID4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF10.js - pref("capability.policy.default.ClassID.CIDA43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF10.js - pref("capability.policy.default.ClassID.CID4C8D6404-A9F6-4236-8488-6C5732CB3BFA", "AllAccess");
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-13 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-13 26824]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2008-6-6 396480]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-13 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-13 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-13 76040]
R4 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R4 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2008-4-4 868864]
S1 PDIDRV;PDIDRV; [x]
S4 asc3550p;asc3550p; [x]
S4 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2008-12-25 98984]

=============== Created Last 30 ================

2009-01-14 22:16 120 ---sh--- c:\windows\system32\abajiwuw.ini
2009-01-14 22:16 131,646 a--sh--- c:\windows\system32\sypxig.dll
2009-01-11 04:07 120 ---sh--- c:\windows\system32\epevohiy.ini
2009-01-10 01:39 120 ---sh--- c:\windows\system32\ikanabum.ini
2009-01-09 08:11 120 ---sh--- c:\windows\system32\aroleden.ini
2009-01-08 08:12 120 ---sh--- c:\windows\system32\utigaman.ini
2009-01-07 17:29 120 ---sh--- c:\windows\system32\ezezabiv.ini
2009-01-06 21:07 120 ---sh--- c:\windows\system32\olubunab.ini
2009-01-06 07:31 120 ---sh--- c:\windows\system32\oviluzur.ini
2009-01-05 23:59 116,568 a------- c:\windows\system32\rn.tmp
2009-01-05 19:27 120 ---sh--- c:\windows\system32\upazifez.ini
2009-01-04 13:57 1,262,075 ---sh--- c:\windows\system32\ajesejod.ini
2009-01-04 11:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-03 11:41 741 a--sh--- c:\windows\system32\hPAJlUtv.ini
2009-01-03 11:35 198,716 a------- c:\windows\system32\wpv621229907565.cpx
2009-01-03 01:53 11,776 a------- c:\windows\system32\drivers\pdiddcci.sys
2009-01-03 01:53 15,920 a------- c:\windows\system32\drivers\PdiPorts.sys
2008-12-25 23:52 <DIR> --d----- c:\docume~1\owner\applic~1\7600 Series
2008-12-25 23:41 <DIR> --d----- c:\docume~1\owner\applic~1\Lexmark Productivity Studio
2008-12-25 23:40 <DIR> --d----- c:\documents and settings\all users\Lx_cats
2008-12-25 23:37 <DIR> --d----- C:\logs
2008-12-25 23:36 40,960 a------- c:\windows\system32\lxdwvs.dll
2008-12-25 23:36 360,448 a------- c:\windows\system32\lxdwcoin.dll
2008-12-25 23:35 61,218 a------- c:\windows\system32\lxdwprpr.chm
2008-12-25 23:35 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-25 23:35 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-12-25 23:35 87,040 a------- c:\windows\system32\wiafbdrv.dll
2008-12-25 23:35 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-25 23:34 1,036,288 a------- c:\windows\system32\lxdwdrs.dll
2008-12-25 23:34 81,920 a------- c:\windows\system32\lxdwcaps.dll
2008-12-25 23:34 69,632 a------- c:\windows\system32\lxdwcnv4.dll
2008-12-25 23:33 45,056 a------- c:\windows\system32\LXDWPMON.DLL
2008-12-25 23:33 32,768 a------- c:\windows\system32\LXDWFXPU.DLL
2008-12-25 23:33 339,968 a------- c:\windows\system32\IMGMAN32.DLL
2008-12-25 23:33 98,345 a------- c:\windows\system32\IMHOST32.DLL
2008-12-25 23:33 98,304 a------- c:\windows\system32\IM31XPNG.DEL
2008-12-25 23:33 86,016 a------- c:\windows\system32\lxdwoem.dll
2008-12-25 23:33 69,632 a------- c:\windows\system32\IM31XTIF.DEL
2008-12-25 23:33 49,152 a------- c:\windows\system32\IM31IMG.DIL
2008-12-25 23:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\7600 Series
2008-12-25 23:32 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-25 23:28 <DIR> --d----- c:\program files\Lexmark Toolbar
2008-12-25 23:28 <DIR> --d----- c:\program files\Lexmark Printable Web
2008-12-25 23:28 44 a------- c:\windows\system32\lxdwrwrd.ini
2008-12-25 23:28 352,256 a------- c:\windows\system32\LXDWwupd.dll
2008-12-25 23:28 17,064 a------- c:\windows\system32\LXDWwupd.exe
2008-12-25 23:26 389,120 a------- c:\windows\system32\LXDWinst.dll
2008-12-25 23:26 438,272 a------- c:\windows\system32\LXDWhcp.dll
2008-12-25 23:25 <DIR> --d----- c:\program files\Lexmark 7600 Series

==================== Find3M ====================

2009-01-14 22:16 131,646 a--sh--- c:\windows\system32\lotijoti.dll
2009-01-14 22:16 99,476 a--sh--- c:\windows\system32\yubihimo.dll
2009-01-14 22:16 86,694 a--sh--- c:\windows\system32\wuwijaba.dll
2009-01-12 18:47 63,083 a--sh--- c:\windows\system32\zivahosu.dll
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-03-02 12:34 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2008-03-02 12:14 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
0000-00-00 00:00 63,083 a--sh--- c:\windows\system32\dozoduko.dll
0000-00-00 00:00 63,083 a--sh--- c:\windows\system32\futofeto.dll
0000-00-00 00:00 63,083 a--sh--- c:\windows\system32\tabayate.dll
2008-01-15 22:37 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 22:23:09.39 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 16 January 2009 - 04:24 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Controlled Chaos

Controlled Chaos
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 17 January 2009 - 01:34 PM

Things seem 1000% better now. I ended up running 2 malwarebyte scans because I accidentaly ran the first one as a Quick Scan. Both of the final log scans for Malwarebytes are as follows:

SCAN 1 (Quick Scan)

Scan type: Quick Scan
Objects scanned: 98993
Time elapsed: 29 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 17
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jizodetu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sabelowo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zatajipi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vowatuke.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\mufikada.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zulqnj.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd490774-0fa5-4ad3-843e-1dbf93d8a4c2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd490774-0fa5-4ad3-843e-1dbf93d8a4c2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87e7c41f-6ad6-42fe-94c0-f1040cbf08ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87e7c41f-6ad6-42fe-94c0-f1040cbf08ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87e7c41f-6ad6-42fe-94c0-f1040cbf08ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd490774-0fa5-4ad3-843e-1dbf93d8a4c2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2376fb3-3d0d-414d-83aa-3ad6ad6b111f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44a77496 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\domefawume (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4794470a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d2376fb3-3d0d-414d-83aa-3ad6ad6b111f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jizodetu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jizodetu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jizodetu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mufikada.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mufikada.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\zulqnj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sabelowo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\owolebas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuwijaba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abajiwuw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vowatuke.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\mufikada.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zatajipi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jizodetu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dinizuha.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fesejami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\habewiki.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hapeweze.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpsanj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jojejodi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lotijoti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sayadaso.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sisofeda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sypxig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tivivapi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vakimotu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv621229907565.cpx (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yerakuha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yubihimo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\newgames.bmp195403500 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4794470a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4794470a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


SCAN 2 (FULL SCAN)


1/17/2009 8:44:22 AM
mbam-log-2009-01-17 (08-44-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 318638
Time elapsed: 2 hour(s), 32 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP220\A0037152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP220\A0037153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP220\A0037154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP220\A0037155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP220\A0037156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP220\A0037159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP220\A0037175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 Controlled Chaos

Controlled Chaos
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 17 January 2009 - 01:37 PM

RSIT Log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-17 08:46:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 72 GB (39%) free of 186 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:14 AM, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\Program Files\Microsoft Money\System\misuser.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {52BB9C3F-CB45-4F57-9655-ECBBC7F2036C} - C:\WINDOWS\system32\yaywvVmL.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"
O4 - HKLM\..\Run: [lxdwamon] "C:\Program Files\Lexmark 7600 Series\lxdwamon.exe"
O4 - HKLM\..\Run: [Lexmark 7600 Series Fax Server] "C:\Program Files\Lexmark 7600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKUS\S-1-5-19\..\Run: [domefawume] Rundll32.exe "C:\WINDOWS\system32\vowatuke.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [domefawume] Rundll32.exe "C:\WINDOWS\system32\vowatuke.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: Organize.lnk = ? (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll zulqnj.dll
O20 - Winlogon Notify: ddcCTMfd - ddcCTMfd.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 9448 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52BB9C3F-CB45-4F57-9655-ECBBC7F2036C}]
C:\WINDOWS\system32\yaywvVmL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-13 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark Printable Web - C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-21 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [2003-09-03 98304]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-13 2055960]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD05"=c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-01-20 151597]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2003-11-03 221184]
"VTTimer"=VTTimer.exe []
"LTMSG"=LTMSG.exe 7 []
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-10-29 135168]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2003-12-11 53248]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-03 1261336]
"lxdwmon.exe"=C:\Program Files\Lexmark 7600 Series\lxdwmon.exe [2008-05-21 676520]
"lxdwamon"=C:\Program Files\Lexmark 7600 Series\lxdwamon.exe [2008-05-21 16040]
"Lexmark 7600 Series Fax Server"=C:\Program Files\Lexmark 7600 Series\fm3032.exe [2008-05-21 311976]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"DT LGE"=C:\Program Files\Portrait Displays\forteManager\DTHtml.exe [2007-02-01 285696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"= []
"TivoTransfer"=C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2008-04-04 1193984]
"TivoNotify"=C:\Program Files\TiVo\Desktop\TiVoNotify.exe [2008-04-04 394240]
"TivoServer"=C:\Program Files\TiVo\Desktop\TiVoServer.exe [2008-04-04 1879552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll zulqnj.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcCTMfd]
ddcCTMfd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\yaywvVmL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"="C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\Program Files\TiVo\Desktop\TiVoServer.exe"="C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe"="C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"C:\Program Files\TiVo\Desktop\curl.exe"="C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lxdwcoms.exe"="C:\WINDOWS\system32\lxdwcoms.exe:*:Enabled:7600 Series Server"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe:*:Enabled:HijackThis"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:avgui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\Info.exe folder.htt 480 480


======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zivahosu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yakiwafo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vosehene.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tuyowile.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tabayate.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\liyajuwa.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\futofeto.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fajupodu.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dozoduko.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\beragize.dll.tmp
2009-01-17 08:46:50 ----D---- C:\rsit
2009-01-15 22:56:31 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-15 22:56:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-15 22:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-15 08:21:24 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-01-11 04:07:55 ----SH---- C:\WINDOWS\system32\epevohiy.ini
2009-01-10 01:39:05 ----SH---- C:\WINDOWS\system32\ikanabum.ini
2009-01-09 08:11:45 ----SH---- C:\WINDOWS\system32\aroleden.ini
2009-01-08 08:12:18 ----SH---- C:\WINDOWS\system32\utigaman.ini
2009-01-07 17:29:16 ----SH---- C:\WINDOWS\system32\ezezabiv.ini
2009-01-06 21:07:19 ----SH---- C:\WINDOWS\system32\olubunab.ini
2009-01-06 07:31:53 ----SH---- C:\WINDOWS\system32\oviluzur.ini
2009-01-05 23:59:45 ----A---- C:\WINDOWS\system32\rn.tmp
2009-01-05 19:27:36 ----SH---- C:\WINDOWS\system32\upazifez.ini
2009-01-04 13:57:03 ----SH---- C:\WINDOWS\system32\ajesejod.ini
2009-01-04 11:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-03 11:41:37 ----ASH---- C:\WINDOWS\system32\hPAJlUtv.ini
2008-12-29 07:23:49 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-29 07:23:49 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-29 07:23:49 ----A---- C:\WINDOWS\system32\java.exe
2008-12-25 23:52:28 ----D---- C:\Documents and Settings\Owner\Application Data\7600 Series
2008-12-25 23:41:26 ----D---- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
2008-12-25 23:37:28 ----D---- C:\logs
2008-12-25 23:36:30 ----A---- C:\WINDOWS\system32\lxdwvs.dll
2008-12-25 23:36:16 ----A---- C:\WINDOWS\system32\lxdwcoin.dll
2008-12-25 23:35:15 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-12-25 23:34:44 ----A---- C:\WINDOWS\system32\lxdwdrs.dll
2008-12-25 23:34:44 ----A---- C:\WINDOWS\system32\lxdwcaps.dll
2008-12-25 23:34:42 ----A---- C:\WINDOWS\system32\lxdwcnv4.dll
2008-12-25 23:33:59 ----A---- C:\WINDOWS\system32\LXDWPMON.DLL
2008-12-25 23:33:59 ----A---- C:\WINDOWS\system32\LXDWFXPU.DLL
2008-12-25 23:33:39 ----A---- C:\WINDOWS\system32\lxdwoem.dll
2008-12-25 23:33:39 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2008-12-25 23:33:39 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2008-12-25 23:33:32 ----D---- C:\Documents and Settings\All Users\Application Data\7600 Series
2008-12-25 23:32:18 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-12-25 23:28:55 ----D---- C:\Program Files\Lexmark Toolbar
2008-12-25 23:28:35 ----D---- C:\Program Files\Lexmark Printable Web
2008-12-25 23:28:21 ----A---- C:\WINDOWS\system32\lxdwrwrd.ini
2008-12-25 23:28:06 ----A---- C:\WINDOWS\system32\LXDWwupd.exe
2008-12-25 23:28:06 ----A---- C:\WINDOWS\system32\LXDWwupd.dll
2008-12-25 23:26:01 ----A---- C:\WINDOWS\system32\LXDWinst.dll
2008-12-25 23:26:00 ----A---- C:\WINDOWS\system32\LXDWhcp.dll
2008-12-25 23:25:59 ----A---- C:\WINDOWS\system32\lxdwinpa.dll
2008-12-25 23:25:59 ----A---- C:\WINDOWS\system32\lxdwiesc.dll
2008-12-25 23:25:58 ----A---- C:\WINDOWS\system32\lxdwutil.dll
2008-12-25 23:25:57 ----A---- C:\WINDOWS\system32\lxdwusb1.dll
2008-12-25 23:25:56 ----A---- C:\WINDOWS\system32\lxdwserv.dll
2008-12-25 23:25:55 ----A---- C:\WINDOWS\system32\lxdwpmui.dll
2008-12-25 23:25:54 ----A---- C:\WINDOWS\system32\lxdwlmpm.dll
2008-12-25 23:25:53 ----A---- C:\WINDOWS\system32\lxdwjswr.dll
2008-12-25 23:25:52 ----A---- C:\WINDOWS\system32\lxdwinsr.dll
2008-12-25 23:25:52 ----A---- C:\WINDOWS\system32\lxdwinsb.dll
2008-12-25 23:25:51 ----A---- C:\WINDOWS\system32\lxdwins.dll
2008-12-25 23:25:51 ----A---- C:\WINDOWS\system32\lxdwih.exe
2008-12-25 23:25:50 ----A---- C:\WINDOWS\system32\lxdwhbn3.dll
2008-12-25 23:25:49 ----A---- C:\WINDOWS\system32\lxdwgrd.dll
2008-12-25 23:25:48 ----A---- C:\WINDOWS\system32\lxdwgf.dll
2008-12-25 23:25:47 ----A---- C:\WINDOWS\system32\lxdwcub.dll
2008-12-25 23:25:46 ----A---- C:\WINDOWS\system32\lxdwcur.dll
2008-12-25 23:25:46 ----A---- C:\WINDOWS\system32\lxdwcu.dll
2008-12-25 23:25:46 ----A---- C:\WINDOWS\system32\lxdwcoms.exe
2008-12-25 23:25:44 ----A---- C:\WINDOWS\system32\lxdwcomm.dll
2008-12-25 23:25:44 ----A---- C:\WINDOWS\system32\lxdwcomc.dll
2008-12-25 23:25:42 ----A---- C:\WINDOWS\system32\lxdwcfg.exe
2008-12-25 23:25:41 ----A---- C:\WINDOWS\system32\LXDWcfg.dll
2008-12-25 23:25:15 ----D---- C:\Program Files\Lexmark 7600 Series
2008-12-18 08:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 08:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 08:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 08:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 08:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 08:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:34:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-13 07:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 07:14:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 07:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-29 08:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-17 08:47:14 ----D---- C:\WINDOWS\Temp
2009-01-17 08:46:32 ----D---- C:\WINDOWS\Prefetch
2009-01-17 08:46:30 ----D---- C:\Program Files\Mozilla Firefox
2009-01-16 01:52:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-16 01:52:33 ----D---- C:\WINDOWS\system32
2009-01-16 01:51:59 ----D---- C:\WINDOWS\Minidump
2009-01-16 01:51:59 ----D---- C:\WINDOWS
2009-01-16 01:31:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-16 01:28:57 ----D---- C:\Program Files\SopCast
2009-01-16 00:30:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-15 23:33:18 ----RD---- C:\Program Files
2009-01-15 23:33:18 ----D---- C:\WINDOWS\system32\drivers
2009-01-15 22:50:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-15 07:15:10 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-15 07:14:26 ----HD---- C:\$AVG8.VAULT$
2009-01-14 00:01:55 ----SD---- C:\WINDOWS\Tasks
2009-01-07 00:35:11 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-01-04 22:07:15 ----HD---- C:\WINDOWS\inf
2009-01-04 14:26:10 ----D---- C:\WINDOWS\wt
2009-01-04 13:02:16 ----A---- C:\WINDOWS\system32\4f84b0e8-.txt
2009-01-04 11:39:52 ----A---- C:\WINDOWS\wininit.ini
2009-01-03 09:58:34 ----A---- C:\WINDOWS\win.ini
2009-01-03 09:32:31 ----SHD---- C:\WINDOWS\Installer
2009-01-03 09:32:31 ----SHD---- C:\Config.Msi
2009-01-03 09:32:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-03 09:30:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-03 08:28:57 ----D---- C:\Documents and Settings\All Users\Application Data\RetroExp
2009-01-02 22:11:48 ----D---- C:\Program Files\Adobe
2009-01-02 22:08:53 ----D---- C:\Artwork
2009-01-02 21:03:00 ----D---- C:\Clients
2008-12-29 07:23:46 ----D---- C:\Program Files\Java
2008-12-25 23:35:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-25 23:35:21 ----D---- C:\WINDOWS\twain_32
2008-12-18 08:07:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 08:22:34 ----A---- C:\WINDOWS\imsins.BAK
2008-11-20 09:29:46 ----D---- C:\WINDOWS\Help
2008-11-13 07:12:29 ----D---- C:\WINDOWS\WinSxS
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2001-02-01 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-13 26824]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-13 76040]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-09-26 76288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-10-21 396480]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-07-15 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-16 11776]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 PDIDRV;PDIDRV; C:\WINDOWS\system32\drivers\PDIDRV.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-22 54784]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-17 117760]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-13 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-23 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R2 AvidSDMService;Avid SDM Service; C:\WINDOWS\system32\AvidSDMService.exe [2003-05-01 57344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-02-01 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 lxdw_device;lxdw_device; C:\WINDOWS\system32\lxdwcoms.exe [2008-05-16 594600]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-02-28 737280]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 868864]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 AvidStartup;Avid Startup; C:\WINDOWS\system32\AvidStartup.exe [2003-07-02 241664]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe [2008-05-16 98984]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-11 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------





RSIT Info:

info.txt logfile of random's system information tool 1.05 2009-01-17 08:47:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects 6.5-->MsiExec.exe /I{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avid Xpress Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B4EFFE4-B700-4CF2-87C1-459289E2E7BD}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
DIRECTV SUPERCAST-->msiexec /qb /x {F9335A34-A982-E441-CF26-4DF7B9CFF8AF}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
forteManager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1883A84D-94AA-432C-9519-FA31B6B118B9}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5-->C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
HPIZ350-->MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment Standard Edition v1.3.0_02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.0_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lexmark 7600 Series-->C:\Program Files\Lexmark 7600 Series\Install\x86\Uninst.exe
Lexmark Printable Web-->regsvr32.exe /s /u "C:\Program Files\Lexmark Printable Web\bho.dll"
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF9967D8-1999-4260-ACC2-86901AA36650}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Ethernet Driver-->C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sentinel System Driver 5.41.0 (32-bit)-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Supercast-->MsiExec.exe /I{F9335A34-A982-E441-CF26-4DF7B9CFF8AF}
Tablet-->C:\Program Files\Tablet\Remove.exe /u
TiVo Desktop 2.6.1-->MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
Toolkit View(HP)-->c:\Windows\HPTK\unhptkit.exe
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
O4 - S-1-5-18 Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [BM4794470a] Rundll32.exe "C:\WINDOWS\system32\sxjvches.dll",s
O4 - HKLM\..\Run: [44a77496] rundll32.exe "C:\WINDOWS\system32\resianuj.dll",b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: Organize.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'Default user')
O4 - S-1-5-18 Startup: Organize.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT User Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'Default user')
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O4 - .DEFAULT User Startup: Organize.lnk = ? (User 'Default user')
O2 - BHO: (no name) - {429D5E57-7172-46D6-903B-05AF9840D071} - C:\WINDOWS\system32\byXqoNHX.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: Organize.lnk = ? (User 'Default user')
O20 - Winlogon Notify: mlJBqPGW - mlJBqPGW.dll (file missing)
O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINDOWS\system32\mlJBqPGW.dll (file missing)
O4 - S-1-5-18 Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Organize.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Organize.lnk = ? (User 'Default user')

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: DOWNSTAIRSPC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5532
Source Name: Tcpip
Time Written: 20081108172037.000000-300
Event Type: warning
User:

Computer Name: DOWNSTAIRSPC
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{DE8188DC-8F59-42B3-9A6C-5E56F051F828} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5531
Source Name: Tcpip
Time Written: 20081108170705.000000-300
Event Type: information
User:

Computer Name: DOWNSTAIRSPC
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 5530
Source Name: Service Control Manager
Time Written: 20081108170704.000000-300
Event Type: information
User:

Computer Name: DOWNSTAIRSPC
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{DE8188DC-8F59-42B3-9A6C-5E56F051F828} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5529
Source Name: Tcpip
Time Written: 20081108170658.000000-300
Event Type: information
User:

Computer Name: DOWNSTAIRSPC
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 5528
Source Name: Service Control Manager
Time Written: 20081108113047.000000-300
Event Type: information
User:

Application event log

Computer Name: DOWNSTAIRSPC
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 315
Source Name: Winlogon
Time Written: 20080714191804.000000-300
Event Type: information
User:

Computer Name: DOWNSTAIRSPC
Event Code: 0
Message:
Record Number: 314
Source Name: iPod Service
Time Written: 20080714080008.000000-300
Event Type: information
User:

Computer Name: DOWNSTAIRSPC
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 313
Source Name: SecurityCenter
Time Written: 20080714080004.000000-300
Event Type: information
User:

Computer Name: DOWNSTAIRSPC
Event Code: 1
Message:
Record Number: 312
Source Name: avg8emc
Time Written: 20080714075921.000000-300
Event Type: information
User:

Computer Name: DOWNSTAIRSPC
Event Code: 1
Message:
Record Number: 311
Source Name: Bonjour Service
Time Written: 20080714075848.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
"PROCESSOR_REVISION"=0408
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.5.0
"SESSIONID"=1210689793985g1u0358c.austin.hp.com-5a02915:11a58e66344:-150c
"COLLECTIONID"=COL6400
"ITEMID"=ps-19683-3
"UPDATEDIR"=C:\DOCUME~1\Owner\LOCALS~1\Temp\radA5020.tmp
"TOOLPATH"=/c:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER Result Attached. Thanks again for all of this help!

Attached Files



#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 17 January 2009 - 03:52 PM

I'm happy that your computer is getting a lot better, but your logs suggest otherwise, lets do below :thumbsup:


IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)


And also, uninstall these program..

Java 2 Runtime Environment Standard Edition v1.3.0_02
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 5
Java™ 6 Update 6
Java™ 6 Update 7



Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {52BB9C3F-CB45-4F57-9655-ECBBC7F2036C} - C:\WINDOWS\system32\yaywvVmL.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [domefawume] Rundll32.exe "C:\WINDOWS\system32\vowatuke.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [domefawume] Rundll32.exe "C:\WINDOWS\system32\vowatuke.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll zulqnj.dll
O20 - Winlogon Notify: ddcCTMfd - ddcCTMfd.dll (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\yaywvVmL.dll
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    C:\WINDOWS\system32\vowatuke.dll
    C:\WINDOWS\system32\zivahosu.dll
    C:\WINDOWS\system32\yakiwafo.dll.tmp
    C:\WINDOWS\system32\vosehene.dll.tmp
    C:\WINDOWS\system32\tuyowile.dll.tmp
    C:\WINDOWS\system32\tabayate.dll.tmp
    C:\WINDOWS\system32\liyajuwa.dll.tmp
    C:\WINDOWS\system32\futofeto.dll.tmp
    C:\WINDOWS\system32\fajupodu.dll.tmp
    C:\WINDOWS\system32\dozoduko.dll.tmp
    C:\WINDOWS\system32\beragize.dll.tmp
    C:\WINDOWS\system32\epevohiy.ini
    C:\WINDOWS\system32\ikanabum.ini
    C:\WINDOWS\system32\aroleden.ini
    C:\WINDOWS\system32\utigaman.ini
    C:\WINDOWS\system32\ezezabiv.ini
    C:\WINDOWS\system32\olubunab.ini
    C:\WINDOWS\system32\oviluzur.ini
    C:\WINDOWS\system32\rn.tmp
    C:\WINDOWS\system32\upazifez.ini
    C:\WINDOWS\system32\ajesejod.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 Controlled Chaos

Controlled Chaos
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 17 January 2009 - 05:46 PM

Alright, ran the new scans. I uninstalled Lavasoft Ad-Aware beforehand. I don't believe I had Spybot Search & Destroy or Viewpoint installed. If you see something that seems as though I did, please let me know. I didn't have any trace of these in the add/remove programs or in the Program Files folder.

Thanks yet again for your continued help!

Here's the OTMoveIT results:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\yaywvVmL.dll not found.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe moved successfully.
File/Folder C:\WINDOWS\system32\vowatuke.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\zivahosu.dll
C:\WINDOWS\system32\zivahosu.dll NOT unregistered.
C:\WINDOWS\system32\zivahosu.dll moved successfully.
C:\WINDOWS\system32\yakiwafo.dll.tmp moved successfully.
C:\WINDOWS\system32\vosehene.dll.tmp moved successfully.
C:\WINDOWS\system32\tuyowile.dll.tmp moved successfully.
C:\WINDOWS\system32\tabayate.dll.tmp moved successfully.
C:\WINDOWS\system32\liyajuwa.dll.tmp moved successfully.
C:\WINDOWS\system32\futofeto.dll.tmp moved successfully.
C:\WINDOWS\system32\fajupodu.dll.tmp moved successfully.
C:\WINDOWS\system32\dozoduko.dll.tmp moved successfully.
C:\WINDOWS\system32\beragize.dll.tmp moved successfully.
C:\WINDOWS\system32\epevohiy.ini moved successfully.
C:\WINDOWS\system32\ikanabum.ini moved successfully.
C:\WINDOWS\system32\aroleden.ini moved successfully.
C:\WINDOWS\system32\utigaman.ini moved successfully.
C:\WINDOWS\system32\ezezabiv.ini moved successfully.
C:\WINDOWS\system32\olubunab.ini moved successfully.
C:\WINDOWS\system32\oviluzur.ini moved successfully.
C:\WINDOWS\system32\rn.tmp moved successfully.
C:\WINDOWS\system32\upazifez.ini moved successfully.
C:\WINDOWS\system32\ajesejod.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
========== COMMANDS ==========
C:\Program Files\Common Files\ѕecurity\ѕecurity moved successfully.
C:\Program Files\Common Files\ѕecurity moved successfully.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_xFT5bXepg2mbzkAjtxJ8 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01172009_171145

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_xFT5bXepg2mbzkAjtxJ8 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_e8.dat not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ibi0vb6a.default\urlclassifier3.sqlite moved successfully.


and here is the RSIT log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-17 17:38:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 76 GB (41%) free of 186 GB
Total RAM: 511 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:50 PM, on 1/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdwcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"
O4 - HKLM\..\Run: [lxdwamon] "C:\Program Files\Lexmark 7600 Series\lxdwamon.exe"
O4 - HKLM\..\Run: [Lexmark 7600 Series Fax Server] "C:\Program Files\Lexmark 7600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: Organize.lnk = ? (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 9042 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-13 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark Printable Web - C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-21 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [2003-09-03 98304]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-13 2055960]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD05"=c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2003-11-03 221184]
"VTTimer"=VTTimer.exe []
"LTMSG"=LTMSG.exe 7 []
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-10-29 135168]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2003-12-11 53248]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-03 1261336]
"lxdwmon.exe"=C:\Program Files\Lexmark 7600 Series\lxdwmon.exe [2008-05-21 676520]
"lxdwamon"=C:\Program Files\Lexmark 7600 Series\lxdwamon.exe [2008-05-21 16040]
"Lexmark 7600 Series Fax Server"=C:\Program Files\Lexmark 7600 Series\fm3032.exe [2008-05-21 311976]
"DT LGE"=C:\Program Files\Portrait Displays\forteManager\DTHtml.exe [2007-02-01 285696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"= []
"TivoTransfer"=C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2008-04-04 1193984]
"TivoNotify"=C:\Program Files\TiVo\Desktop\TiVoNotify.exe [2008-04-04 394240]
"TivoServer"=C:\Program Files\TiVo\Desktop\TiVoServer.exe [2008-04-04 1879552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"="C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\Program Files\TiVo\Desktop\TiVoServer.exe"="C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe"="C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"C:\Program Files\TiVo\Desktop\curl.exe"="C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lxdwcoms.exe"="C:\WINDOWS\system32\lxdwcoms.exe:*:Enabled:7600 Series Server"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe:*:Enabled:HijackThis"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:avgui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-17 17:10:51 ----D---- C:\_OTMoveIt
2009-01-17 16:15:16 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-17 16:15:16 ----A---- C:\WINDOWS\system32\java.exe
2009-01-17 08:49:39 ----A---- C:\WINDOWS\gmer.ini
2009-01-17 08:49:37 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-17 08:49:36 ----A---- C:\WINDOWS\gmer.exe
2009-01-17 08:49:36 ----A---- C:\WINDOWS\gmer.dll
2009-01-17 08:46:50 ----D---- C:\rsit
2009-01-15 22:56:31 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-15 22:56:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-15 22:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-15 08:21:24 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-01-04 11:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-03 11:41:37 ----ASH---- C:\WINDOWS\system32\hPAJlUtv.ini
2008-12-29 07:23:49 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-25 23:52:28 ----D---- C:\Documents and Settings\Owner\Application Data\7600 Series
2008-12-25 23:41:26 ----D---- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
2008-12-25 23:37:28 ----D---- C:\logs
2008-12-25 23:36:30 ----A---- C:\WINDOWS\system32\lxdwvs.dll
2008-12-25 23:36:16 ----A---- C:\WINDOWS\system32\lxdwcoin.dll
2008-12-25 23:35:15 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-12-25 23:34:44 ----A---- C:\WINDOWS\system32\lxdwdrs.dll
2008-12-25 23:34:44 ----A---- C:\WINDOWS\system32\lxdwcaps.dll
2008-12-25 23:34:42 ----A---- C:\WINDOWS\system32\lxdwcnv4.dll
2008-12-25 23:33:59 ----A---- C:\WINDOWS\system32\LXDWPMON.DLL
2008-12-25 23:33:59 ----A---- C:\WINDOWS\system32\LXDWFXPU.DLL
2008-12-25 23:33:39 ----A---- C:\WINDOWS\system32\lxdwoem.dll
2008-12-25 23:33:39 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2008-12-25 23:33:39 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2008-12-25 23:33:32 ----D---- C:\Documents and Settings\All Users\Application Data\7600 Series
2008-12-25 23:32:18 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-12-25 23:28:55 ----D---- C:\Program Files\Lexmark Toolbar
2008-12-25 23:28:35 ----D---- C:\Program Files\Lexmark Printable Web
2008-12-25 23:28:21 ----A---- C:\WINDOWS\system32\lxdwrwrd.ini
2008-12-25 23:28:06 ----A---- C:\WINDOWS\system32\LXDWwupd.exe
2008-12-25 23:28:06 ----A---- C:\WINDOWS\system32\LXDWwupd.dll
2008-12-25 23:26:01 ----A---- C:\WINDOWS\system32\LXDWinst.dll
2008-12-25 23:26:00 ----A---- C:\WINDOWS\system32\LXDWhcp.dll
2008-12-25 23:25:59 ----A---- C:\WINDOWS\system32\lxdwinpa.dll
2008-12-25 23:25:59 ----A---- C:\WINDOWS\system32\lxdwiesc.dll
2008-12-25 23:25:58 ----A---- C:\WINDOWS\system32\lxdwutil.dll
2008-12-25 23:25:57 ----A---- C:\WINDOWS\system32\lxdwusb1.dll
2008-12-25 23:25:56 ----A---- C:\WINDOWS\system32\lxdwserv.dll
2008-12-25 23:25:55 ----A---- C:\WINDOWS\system32\lxdwpmui.dll
2008-12-25 23:25:54 ----A---- C:\WINDOWS\system32\lxdwlmpm.dll
2008-12-25 23:25:53 ----A---- C:\WINDOWS\system32\lxdwjswr.dll
2008-12-25 23:25:52 ----A---- C:\WINDOWS\system32\lxdwinsr.dll
2008-12-25 23:25:52 ----A---- C:\WINDOWS\system32\lxdwinsb.dll
2008-12-25 23:25:51 ----A---- C:\WINDOWS\system32\lxdwins.dll
2008-12-25 23:25:51 ----A---- C:\WINDOWS\system32\lxdwih.exe
2008-12-25 23:25:50 ----A---- C:\WINDOWS\system32\lxdwhbn3.dll
2008-12-25 23:25:49 ----A---- C:\WINDOWS\system32\lxdwgrd.dll
2008-12-25 23:25:48 ----A---- C:\WINDOWS\system32\lxdwgf.dll
2008-12-25 23:25:47 ----A---- C:\WINDOWS\system32\lxdwcub.dll
2008-12-25 23:25:46 ----A---- C:\WINDOWS\system32\lxdwcur.dll
2008-12-25 23:25:46 ----A---- C:\WINDOWS\system32\lxdwcu.dll
2008-12-25 23:25:46 ----A---- C:\WINDOWS\system32\lxdwcoms.exe
2008-12-25 23:25:44 ----A---- C:\WINDOWS\system32\lxdwcomm.dll
2008-12-25 23:25:44 ----A---- C:\WINDOWS\system32\lxdwcomc.dll
2008-12-25 23:25:42 ----A---- C:\WINDOWS\system32\lxdwcfg.exe
2008-12-25 23:25:41 ----A---- C:\WINDOWS\system32\LXDWcfg.dll
2008-12-25 23:25:15 ----D---- C:\Program Files\Lexmark 7600 Series
2008-12-18 08:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 08:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 08:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 08:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 08:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 08:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:34:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-13 07:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 07:14:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 07:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-29 08:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-17 17:38:50 ----D---- C:\WINDOWS\Temp
2009-01-17 17:37:10 ----D---- C:\Program Files\Mozilla Firefox
2009-01-17 17:32:40 ----D---- C:\WINDOWS\Prefetch
2009-01-17 17:19:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-17 17:18:57 ----D---- C:\WINDOWS\system32
2009-01-17 17:17:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-17 16:54:13 ----RD---- C:\Program Files
2009-01-17 16:50:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-17 16:50:28 ----D---- C:\Program Files\Movie Maker
2009-01-17 16:48:11 ----HD---- C:\$AVG8.VAULT$
2009-01-17 16:44:54 ----D---- C:\Program Files\Common Files
2009-01-17 16:44:07 ----D---- C:\Documents and Settings\Owner\Application Data\Real
2009-01-17 16:41:22 ----D---- C:\Stock images
2009-01-17 16:39:24 ----D---- C:\Program Files\Java
2009-01-17 16:17:33 ----SHD---- C:\Config.Msi
2009-01-17 16:15:15 ----SHD---- C:\WINDOWS\Installer
2009-01-17 16:14:48 ----D---- C:\WINDOWS
2009-01-17 16:10:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-17 16:10:29 ----D---- C:\WINDOWS\system32\drivers
2009-01-17 15:43:27 ----D---- C:\WINDOWS\WinSxS
2009-01-17 15:43:13 ----D---- C:\Program Files\Adobe
2009-01-17 15:15:14 ----D---- C:\Program Files\Mozilla Thunderbird
2009-01-16 01:51:59 ----D---- C:\WINDOWS\Minidump
2009-01-16 01:31:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-15 22:50:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-14 00:01:55 ----SD---- C:\WINDOWS\Tasks
2009-01-07 00:35:11 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-01-04 22:07:15 ----HD---- C:\WINDOWS\inf
2009-01-04 14:26:10 ----D---- C:\WINDOWS\wt
2009-01-04 13:02:16 ----A---- C:\WINDOWS\system32\4f84b0e8-.txt
2009-01-04 11:39:52 ----A---- C:\WINDOWS\wininit.ini
2009-01-03 09:58:34 ----A---- C:\WINDOWS\win.ini
2009-01-03 09:30:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-03 08:28:57 ----D---- C:\Documents and Settings\All Users\Application Data\RetroExp
2009-01-02 22:08:53 ----D---- C:\Artwork
2009-01-02 21:03:00 ----D---- C:\Clients
2008-12-25 23:35:21 ----D---- C:\WINDOWS\twain_32
2008-12-18 08:07:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 08:22:34 ----A---- C:\WINDOWS\imsins.BAK
2008-11-20 09:29:46 ----D---- C:\WINDOWS\Help
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2001-02-01 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-13 26824]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-13 76040]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-09-26 76288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-10-21 396480]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-07-15 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-16 11776]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 PDIDRV;PDIDRV; C:\WINDOWS\system32\drivers\PDIDRV.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-17 85969]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-22 54784]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-17 117760]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-23 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R2 AvidSDMService;Avid SDM Service; C:\WINDOWS\system32\AvidSDMService.exe [2003-05-01 57344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-02-01 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 lxdw_device;lxdw_device; C:\WINDOWS\system32\lxdwcoms.exe [2008-05-16 594600]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-02-28 737280]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 868864]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 AvidStartup;Avid Startup; C:\WINDOWS\system32\AvidStartup.exe [2003-07-02 241664]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe [2008-05-16 98984]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-11 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 17 January 2009 - 05:49 PM

Log looks great.. Lets do an online scan to see what might we missed..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 Controlled Chaos

Controlled Chaos
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 17 January 2009 - 08:10 PM

Alright, the computer is definitely working better! I ran the Eset Online Scanner and upon completion, my AVG Antivirus software gave me a threat detection for Trojan Horse BHO.GYU

Here's the log from the Eset scan:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3774 (20090117)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a880c030ffe30648a76728057a873615
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-18 01:05:02
# local_time=2009-01-17 08:05:02 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=656280
# found=52
# scan_time=7484
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip Java/TrojanDownloader.OpenConnection.S trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip »ZIP »Matrix.class Java/TrojanDownloader.OpenConnection.S trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent14.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent33.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip Java/TrojanDownloader.OpenConnection.S trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Default User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip »ZIP »Matrix.class Java/TrojanDownloader.OpenConnection.S trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\22\4ecb26d6-344ebb49 multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\22\4ecb26d6-344ebb49 »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\22\4ecb26d6-344ebb49 »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\36\1c3e97a4-312e30f1 multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\36\1c3e97a4-312e30f1 »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\36\1c3e97a4-312e30f1 »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\51\64611073-60ed0cce Java/TrojanDownloader.OpenConnection.S trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\6.0\51\64611073-60ed0cce »ZIP »Matrix.class Java/TrojanDownloader.OpenConnection.S trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip Java/TrojanDownloader.OpenConnection.S trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicky.DOWNSTAIRSPC\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip »ZIP »Matrix.class Java/TrojanDownloader.OpenConnection.S trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip Java/TrojanDownloader.OpenConnection.S trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Nicolina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip »ZIP »Matrix.class Java/TrojanDownloader.OpenConnection.S trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cc0c1a2-61af7ed3.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Gummy.class Java/Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60445f44-3cfa930a.zip »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip Java/TrojanDownloader.OpenConnection.S trojan (deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870318462-4282315794-2507283615-1007\Dc25\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-623e6098.zip »ZIP »Matrix.class Java/TrojanDownloader.OpenConnection.S trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-3870421902-2301968625-1653170847-1003\Dc5.html JS/StartPage.X trojan (unable to clean - deleted) 00000000000000000000000000000000

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 18 January 2009 - 02:40 AM

my AVG Antivirus software gave me a threat detection for Trojan Horse BHO.GYU



Can you tell me the exact location of the threat?.. Screenshot would be nice.. :thumbsup:

Have a full scan with your AVG and remove everything that its find.. Tell me more about it :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Controlled Chaos

Controlled Chaos
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 18 January 2009 - 12:41 PM

Okay, so I ran the full AVG scan and the Trojan Horse BHO.GYU threat was found in the zivahosu.dll file that is now located in the OTMoveIt\MovedFiles folder from yesterday. AVG did say it healed this file. So now, should I delete the folder of MovedFiles, or keep it in place? The computer seems to be zipping along now. None of the previous issues are occurring any more. I really do appreciate all of your help!

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 20 January 2009 - 05:07 AM

Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 Controlled Chaos

Controlled Chaos
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 21 January 2009 - 11:27 AM

I just finished all of the cleanup steps and defragging the hard drive. The computer is running as smooth as ever and is clicking right along. Thank you so much for all of this help. The computer is working like it did when I first purchased it a few years ago!

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 21 January 2009 - 03:41 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-open, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users