Malware detected


This topic is locked
14 replies to this topic

#1 marklopez
  • Members
  • 7 posts

Posted 16 January 2009 - 05:59 PM

I have been trying to repair viruses on a PC. I have been able to clean up 6 or 7 of them but there appears to be at least one more. In using HijackThis and analyzing from http://www.hijackthis.de/ it says that I have a virus that needs to be removed with Malwarebytes' Anti-Malware or this forum link http://www.bleepingcomputer.com/malware-re...undo-virtumonde. However the system will not load the malware program. Another symptom is the system cannot find any of the download sites for new virus defs.


DDS (Ver_09-01-07.01) - NTFSx86
Run by backup at 14:23:41.81 on Fri 01/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.636 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: {13240afd-ff33-440e-be04-4e7b1e9a48d6} - c:\windows\system32\tuvTkkkk.dll
BHO: {2f992e85-dfe6-40bf-88de-4aec67e72d07} - c:\windows\system32\jezosudo.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMeDwXN.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {95e03aca-7b54-ddb9-8b54-c30b89fc29e7}: {7e92cf98-b03c-45b8-9bdd-45b7aca30e59} - c:\windows\system32\etmwsa.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Mirar: {d280c9e4-1464-4e08-9410-106b90fc79b3} - c:\windows\system32\winma77.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [58035802] rundll32.exe "c:\windows\system32\vdkivxwa.dll",b
mRun: [digadeyake] Rundll32.exe "c:\windows\system32\fonoriga.dll",s
IE: E&xport to Microsoft Excel - e:\micros~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dubhappy.com
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: qoMeDwXN - qoMeDwXN.dll
AppInit_DLLs: ,etmwsa.dll,c:\windows\system32\nezusena.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMeDwXN.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvTkkkk
LSA: Notification Packages = scecli c:\windows\system32\nezusena.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\backup\applic~1\mozilla\firefox\profiles\5p0cf1dc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.stardoll.com/en/
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll

============= SERVICES / DRIVERS ===============

R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081222.005\NAVENG.sys [2008-12-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081222.005\NAVEX15.sys [2008-12-23 876112]
R4 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
R4 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]

=============== Created Last 30 ================

2009-01-16 10:07 129,024 a------- c:\windows\system32\etmwsa.dll
2009-01-16 10:07 129,024 a------- c:\windows\system32\xdusfoig.dll
2009-01-16 10:06 1,402,103 ---sh--- c:\windows\system32\awxvikdv.ini
2009-01-16 10:06 72,704 a------- c:\windows\system32\vdkivxwa.dll
2009-01-15 21:04 129,024 a------- c:\windows\system32\zzbzsh.dll
2009-01-15 21:04 129,024 a------- c:\windows\system32\hflbdwhf.dll
2009-01-15 21:04 1,375,225 ---sh--- c:\windows\system32\jkmftxyv.ini
2009-01-15 21:04 72,704 a------- c:\windows\system32\vyxtfmkj.dll
2009-01-14 21:03 1,365,469 ---sh--- c:\windows\system32\aanxqynl.ini
2009-01-14 21:03 72,704 a------- c:\windows\system32\lnyqxnaa.dll
2009-01-14 21:02 129,024 a------- c:\windows\system32\gkyfwt.dll
2009-01-14 21:02 129,024 a------- c:\windows\system32\csyrvetw.dll
2008-12-27 13:49 1,261,704 ---sh--- c:\windows\system32\esiniwil.ini
2008-12-23 18:38 129,024 a------- c:\windows\system32\nylxse.dll
2008-12-23 18:38 129,024 a------- c:\windows\system32\uuttdxlj.dll
2008-12-23 18:35 1,661,209 ---sh--- c:\windows\system32\mfdskdfc.ini
2008-12-23 18:35 72,704 a------- c:\windows\system32\cfdksdfm.dll
2008-12-23 18:34 384,000 a------- c:\windows\system32\winscenter.exe
2008-12-23 18:34 134,149 a------- c:\windows\reged.exe
2008-12-23 18:34 18,941 a------- c:\windows\vmreg.dll
2008-12-23 18:34 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-23 18:34 51,197 a------- c:\windows\spoolsystem.exe
2008-12-23 18:34 50,620 a------- c:\windows\sys.com
2008-12-23 18:34 47,872 a------- c:\windows\syscert.exe
2008-12-23 18:34 29,189 a------- c:\docume~1\alluse~1\applic~1\svhost.exe
2008-12-23 00:05 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-22 19:11 129,024 a------- c:\windows\system32\rpuisn.dll
2008-12-22 19:11 129,024 a------- c:\windows\system32\whiklcxl.dll
2008-12-22 19:08 1,661,209 ---sh--- c:\windows\system32\nkyfnran.ini
2008-12-22 19:08 72,704 a------- c:\windows\system32\narnfykn.dll
2008-12-22 15:28 <DIR> --d----- C:\ProgramData
2008-12-22 15:28 <DIR> --d----- c:\program files\Angle Interactive
2008-12-22 13:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2008-12-22 11:05 1,603,449 ---sh--- c:\windows\system32\itugozav.ini
2008-12-21 19:08 1,661,209 ---sh--- c:\windows\system32\mnhaivyh.ini
2008-12-21 19:08 72,704 a------- c:\windows\system32\hyviahnm.dll
2008-12-21 19:01 1,681,067 a--sh--- c:\windows\system32\kkkkTvut.ini2
2008-12-21 19:01 1,681,067 a--sh--- c:\windows\system32\kkkkTvut.ini
2008-12-21 19:01 302,592 a------- c:\windows\system32\tuvTkkkk.dll
2008-12-21 18:51 34,816 a------- c:\windows\system32\qoMeDwXN.dll
2008-12-21 18:51 <DIR> --d----- c:\program files\GetModule
2008-12-21 18:51 <DIR> --d----- c:\program files\iCheck
2008-12-21 18:51 198,716 a------- c:\windows\system32\wpv011229907513.cpx
2008-12-21 18:51 22,016 a------- c:\windows\system32\~.exe

==================== Find3M ====================

2009-01-16 11:10 61,679 a--sh--- c:\windows\system32\pivetupa.dll
2009-01-15 11:12 68,891 a--sh--- c:\windows\system32\duvotihe.dll
2009-01-14 20:06 64,733 a--sh--- c:\windows\system32\hozirave.dll
2008-12-27 13:47 87,209 a--sh--- c:\windows\system32\liwinise.dll
2008-12-27 13:47 64,223 a--sh--- c:\windows\system32\meyagabu.dll
2008-12-24 14:23 84,143 a--sh--- c:\windows\system32\sikizela.dll
2008-12-23 16:50 61,691 a------- c:\windows\system32\dewukobe.dll
2008-12-21 19:08 63,598 a--sh--- c:\windows\system32\yehifuni.dll
2008-12-10 21:35 17,920 a------- c:\docume~1\backup\applic~1\GDIPFONTCACHEV1.DAT
2008-11-21 20:15 401,408 a------- c:\windows\system32\winma77.dll
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
0000-00-00 00:00 61,679 a--sh--- c:\windows\system32\fonoriga.dll
0000-00-00 00:00 61,679 a--sh--- c:\windows\system32\jezosudo.dll
0000-00-00 00:00 61,679 a--sh--- c:\windows\system32\nezusena.dll
2008-07-25 17:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072520080726\index.dat

============= FINISH: 14:31:30.21 ===============

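As an added triage example (not part of this thread, and not code from DDS, HijackThis or any other tool named here), the script below parses the "Pseudo HJT Report" and file-listing sections of a DDS-style log and flags the three patterns a helper would look for in the report above: a hidden/system .ini whose name is the reverse of a .dll in the same listing (the kkkkTvut.ini / tuvTkkkk.dll pairing, typical of Vundo), entries with a 0000-00-00 timestamp, and recently created DLLs that are referenced from persistence points (BHO, Notify, AppInit_DLLs, LSA). The sample log is a constructed excerpt that reuses file names from the report; the section headers and regexes are assumptions about the DDS layout rather than a published specification.

```python
"""Triage helper for a DDS-style log (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS report posted in the thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: {13240afd-ff33-440e-be04-4e7b1e9a48d6} - c:\windows\system32\tuvTkkkk.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: qoMeDwXN - qoMeDwXN.dll
AppInit_DLLs: ,etmwsa.dll,c:\windows\system32\nezusena.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvTkkkk
LSA: Notification Packages = scecli c:\windows\system32\nezusena.dll

=============== Created Last 30 ================

2009-01-16 10:07 129,024 a------- c:\windows\system32\etmwsa.dll
2008-12-21 19:01 1,681,067 a--sh--- c:\windows\system32\kkkkTvut.ini
2008-12-21 19:01 302,592 a------- c:\windows\system32\tuvTkkkk.dll
2008-12-21 18:51 34,816 a------- c:\windows\system32\qoMeDwXN.dll

==================== Find3M ====================

2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
0000-00-00 00:00 61,679 a--sh--- c:\windows\system32\nezusena.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# date time size attrs path  (attrs is the 8-character a--sh--- style field)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+)\s+(\S{8})\s+(.+)$")
PERSIST_PREFIXES = ("BHO", "TB", "uRun", "mRun", "Notify", "AppInit_DLLs", "SEH", "LSA")
FILE_SECTIONS = ("Created Last 30", "Find3M")


def parse_dds(log):
    """Split a DDS log into (persistence lines, file entries) by section."""
    persist, files, section = [], [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section in FILE_SECTIONS:
            fm = FILE_RE.match(line)
            if fm:  # <DIR> entries have no numeric size and are skipped
                date, _, size, attrs, path = fm.groups()
                files.append({"date": date, "size": int(size.replace(",", "")),
                              "attrs": attrs, "path": path,
                              "name": path.rsplit("\\", 1)[-1]})
        elif section == "Pseudo HJT Report":
            kind = line.split(":", 1)[0]
            if kind in PERSIST_PREFIXES:
                persist.append((kind, line))
    return persist, files


def find_reversed_pairs(files):
    """Hidden/system .ini whose stem is the reverse of a listed .dll stem."""
    dll_by_stem = {f["name"][:-4]: f["name"]
                   for f in files if f["name"].lower().endswith(".dll")}
    pairs = []
    for f in files:
        name = f["name"]
        if name.lower().endswith(".ini") and "h" in f["attrs"] and "s" in f["attrs"]:
            mirror = name[:-4][::-1]
            if mirror in dll_by_stem:
                pairs.append((name, dll_by_stem[mirror]))
    return pairs


def find_zero_timestamps(files):
    """Entries DDS could not date; file times were wiped or are invalid."""
    return [f["name"] for f in files if f["date"] == "0000-00-00"]


def persistence_hits(persist, files):
    """Map each listed DLL to the persistence entry types that reference it."""
    stems = {f["name"][:-4].lower(): f["name"]
             for f in files if f["name"].lower().endswith(".dll")}
    hits = defaultdict(set)
    for kind, line in persist:
        for piece in re.split(r"[\\/,\s]+", line):
            stem = piece.lower()
            if stem.endswith(".dll"):
                stem = stem[:-4]
            if stem in stems:  # also catches extension-less LSA package names
                hits[stems[stem]].add(kind)
    return {name: sorted(kinds) for name, kinds in hits.items()}


def triage(log):
    persist, files = parse_dds(log)
    return {"reversed_pairs": find_reversed_pairs(files),
            "zero_timestamp": find_zero_timestamps(files),
            "persistence_hits": persistence_hits(persist, files)}


if __name__ == "__main__":
    for rule, result in triage(SAMPLE_LOG).items():
        print(f"{rule}: {result}")
```

Nothing here removes or quarantines anything; it only prioritises which entries to examine first. A legitimate system file such as gdi32.dll passes all three checks, while every DLL that is both newly created and wired into a load point gets surfaced together with the type of load point, which is the correlation the helper is doing by eye when reading the report.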

#2 fenzodahl512
  • Members
  • 6,738 posts

Posted 17 January 2009 - 06:49 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 marklopez
  • Topic Starter
  • Members
  • 7 posts

Posted 18 January 2009 - 06:54 PM

Hi,

Thanks for your response. I tried your suggestion and still can't get mbam-setup.exe to run. It will show up in the proc list but never grabs any CPU. Eventually the setup disappears from the proc list. I also have tried to run the setup in safe and safe with network modes with the same results.



Mark

#4 fenzodahl512
  • Members
  • 6,738 posts

Posted 20 January 2009 - 06:47 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#5 marklopez
  • Topic Starter
  • Members
  • 7 posts

Posted 21 January 2009 - 02:38 AM

Thanks again for the response.

I stopped the Windows firewall as well as Symantec Virus scan. I tried to get Combo-Fix to run but the UI never appeared. I forgot to mention that I have been downloading the tools to a safe computer and moving files to the infected one. This is due to getting into a never ending cycle of requests to load spyware fixes.

Can you think of another way of determining which malware is running on the infected system?

#6 fenzodahl512
  • Members
  • 6,738 posts

Posted 21 January 2009 - 05:52 AM

Can you run Combo-Fix via Safe Mode?



#7 marklopez
  • Topic Starter
  • Members
  • 7 posts

Posted 21 January 2009 - 12:37 PM

No UI comes up, no command window comes up, but it appears that the process doesn't die. In over 45 minutes of running it hasn't used a single second of CPU time.

Would you like to see a Hijackthis log?

#8 fenzodahl512
  • Members
  • 6,738 posts

Posted 21 January 2009 - 03:42 PM

Do below please...


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



#9 marklopez
  • Topic Starter
  • Members
  • 7 posts

Posted 21 January 2009 - 06:06 PM

info.txt logfile of random's system information tool 1.05 2009-01-21 15:03:01

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
DB CIF Cam-->C:\Program Files\InstallShield Installation Information\{83d96ed0-98aa-4515-8ddc-816f3efdd104}\setup.exe
DB CIF Cam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{766E4715-B801-46B3-9D91-12288AB88428}\Setup.exe" -l0x9
Disney Pix 2.0-->MsiExec.exe /X{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}
Disney Pix Micro Downloader-->MsiExec.exe /X{183135A3-2CE8-43B5-BA5A-757EBAECB413}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 1.99.1-->C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Internet Speed Monitor-->C:\Program Files\iCheck\Uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{10C69612-017B-45F5-B986-7D113D5A2EA3}
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [digadeyake] Rundll32.exe "C:\WINDOWS\system32\sebajuyo.dll",s
O4 - HKLM\..\Run: [digadeyake] Rundll32.exe "C:\WINDOWS\system32\sebajuyo.dll",s

System event log

Computer Name: BACKUP-FC4EF5B8
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14834
Source Name: Service Control Manager
Time Written: 20090114205346.000000-480
Event Type: error
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14833
Source Name: Service Control Manager
Time Written: 20090114205344.000000-480
Event Type: error
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14832
Source Name: Service Control Manager
Time Written: 20090114205344.000000-480
Event Type: error
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14831
Source Name: Service Control Manager
Time Written: 20090114205343.000000-480
Event Type: error
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 14830
Source Name: Service Control Manager
Time Written: 20090114205343.000000-480
Event Type: error
User:

Application event log

Computer Name: BACKUP-FC4EF5B8
Event Code: 0
Message:
Record Number: 2702
Source Name: iPod Service
Time Written: 20080829161746.000000-420
Event Type: information
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 0
Message:
Record Number: 2701
Source Name: iPod Service
Time Written: 20080829161713.000000-420
Event Type: information
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 14
Message:


Symantec AntiVirus services startup was successful.

Record Number: 2700
Source Name: Norton AntiVirus
Time Written: 20080829161709.000000-420
Event Type: information
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 23
Message:


Symantec AntiVirus Realtime Protection Loaded.

Record Number: 2699
Source Name: Norton AntiVirus
Time Written: 20080829161709.000000-420
Event Type: information
User:

Computer Name: BACKUP-FC4EF5B8
Event Code: 2002
Message:
Record Number: 2698
Source Name: EAPOL
Time Written: 20080829161708.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------




Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-21 15:02:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (35%) free of 38 GB
Total RAM: 1024 MB (82% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\vszrgfqp.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f992e85-dfe6-40bf-88de-4aec67e72d07}]
C:\WINDOWS\system32\jezosudo.dll [65535-65535-31889 61679]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d50982f-3944-4b3f-b255-d5da07140a9f}]
C:\WINDOWS\system32\dgysim.dll [2009-01-20 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{693B1006-735E-4B8C-A608-74B652709343}]
C:\WINDOWS\system32\tuvTkkkk.dll [2008-12-21 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{D280C9E4-1464-4E08-9410-106B90FC79B3} - C:\WINDOWS\system32\winma77.dll [2008-11-21 401408]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"digadeyake"=C:\WINDOWS\system32\fonoriga.dll [65535-65535-31889 61679]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Installer"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1ab9ca79hpca79a.exe [2008-12-22 86027]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58035802]
C:\WINDOWS\system32\liwinise.dll [2008-12-27 87209]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule32]
C:\Program Files\GetModule\GetModule32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe /m=2 /w []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
C:\WINDOWS\system32\prunnet.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-23 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-05-21 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
E:\Microsoft Office\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^backup^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\backup\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2
"TermService"=3
"TapiSrv"=3
"lanmanserver"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\WINDOWS\system32\nezusena.dll dgysim.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-05-21 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDwXN]
C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvTkkkk
"notification packages"=scecli
C:\WINDOWS\system32\nezusena.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\DivX\DivX Converter\Converter.exe"="C:\Program Files\DivX\DivX Converter\Converter.exe:*:Disabled:Converter"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE"="C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE:*:Enabled:m3SkPlay"
"C:\WINDOWS\system32\winscenter.exe"="C:\WINDOWS\system32\winscenter.exe:*:Enabled:winscenter"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zaworido.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\sevikuji.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pivetupa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nomajuzu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nezusena.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jezosudo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hozirave.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fonoriga.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\duvotihe.dll
2009-01-21 15:02:50 ----D---- C:\Program Files\trend micro
2009-01-21 15:02:45 ----D---- C:\rsit
2009-01-21 14:45:58 ----SH---- C:\WINDOWS\system32\popiwoba.exe
2009-01-20 19:00:57 ----SH---- C:\WINDOWS\system32\abnttnuy.ini
2009-01-20 19:00:55 ----A---- C:\WINDOWS\system32\yunttnba.dll
2009-01-20 18:59:28 ----A---- C:\WINDOWS\system32\dgysim.dll
2009-01-20 18:59:27 ----A---- C:\WINDOWS\system32\stlehcvf.dll
2009-01-16 10:07:53 ----A---- C:\WINDOWS\system32\etmwsa.dll
2009-01-16 10:07:52 ----A---- C:\WINDOWS\system32\xdusfoig.dll
2009-01-16 10:06:28 ----SH---- C:\WINDOWS\system32\awxvikdv.ini
2009-01-15 21:04:54 ----A---- C:\WINDOWS\system32\zzbzsh.dll
2009-01-15 21:04:53 ----A---- C:\WINDOWS\system32\hflbdwhf.dll
2009-01-15 21:04:52 ----SH---- C:\WINDOWS\system32\jkmftxyv.ini
2009-01-15 21:04:47 ----A---- C:\WINDOWS\system32\vyxtfmkj.dll
2009-01-14 21:03:39 ----SH---- C:\WINDOWS\system32\aanxqynl.ini
2009-01-14 21:03:33 ----A---- C:\WINDOWS\system32\lnyqxnaa.dll
2009-01-14 21:02:09 ----A---- C:\WINDOWS\system32\gkyfwt.dll
2009-01-14 21:02:08 ----A---- C:\WINDOWS\system32\csyrvetw.dll
2009-01-14 18:23:43 ----D---- C:\Program Files\HijackThis
2009-01-14 15:30:03 ----D---- C:\Documents and Settings\Administrator\Application Data\DivX
2008-12-27 13:49:19 ----SH---- C:\WINDOWS\system32\esiniwil.ini
2008-12-23 18:38:19 ----A---- C:\WINDOWS\system32\nylxse.dll
2008-12-23 18:38:17 ----A---- C:\WINDOWS\system32\uuttdxlj.dll
2008-12-23 18:35:25 ----SH---- C:\WINDOWS\system32\mfdskdfc.ini
2008-12-23 18:35:15 ----A---- C:\WINDOWS\system32\cfdksdfm.dll
2008-12-23 18:34:49 ----A---- C:\WINDOWS\system32\winscenter.exe
2008-12-23 18:34:41 ----A---- C:\WINDOWS\vmreg.dll
2008-12-23 18:34:41 ----A---- C:\WINDOWS\reged.exe
2008-12-23 18:34:40 ----A---- C:\WINDOWS\sysexplorer.exe
2008-12-23 18:34:40 ----A---- C:\WINDOWS\syscert.exe
2008-12-23 18:34:40 ----A---- C:\WINDOWS\sys.com
2008-12-23 18:34:40 ----A---- C:\WINDOWS\spoolsystem.exe
2008-12-23 18:34:03 ----A---- C:\Documents and Settings\All Users\Application Data\svhost.exe
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\java.exe
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-22 19:11:51 ----A---- C:\WINDOWS\system32\rpuisn.dll
2008-12-22 19:11:50 ----A---- C:\WINDOWS\system32\whiklcxl.dll
2008-12-22 19:08:56 ----SH---- C:\WINDOWS\system32\nkyfnran.ini
2008-12-22 19:08:50 ----A---- C:\WINDOWS\system32\narnfykn.dll
2008-12-22 15:28:08 ----D---- C:\ProgramData
2008-12-22 15:28:08 ----D---- C:\Program Files\Angle Interactive
2008-12-22 13:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
2008-12-22 13:52:04 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-12-22 13:50:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-12-22 11:41:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-12-22 11:05:20 ----SH---- C:\WINDOWS\system32\itugozav.ini
2008-12-21 19:08:06 ----SH---- C:\WINDOWS\system32\mnhaivyh.ini
2008-12-21 19:08:00 ----A---- C:\WINDOWS\system32\hyviahnm.dll
2008-12-21 19:03:23 ----A---- C:\WINDOWS\system32\53209c7c-.txt
2008-12-21 19:01:58 ----ASH---- C:\WINDOWS\system32\kkkkTvut.ini2
2008-12-21 19:01:58 ----ASH---- C:\WINDOWS\system32\kkkkTvut.ini
2008-12-21 19:01:55 ----A---- C:\WINDOWS\system32\tuvTkkkk.dll
2008-12-21 18:51:53 ----A---- C:\WINDOWS\system32\qoMeDwXN.dll
2008-12-21 18:51:44 ----D---- C:\Program Files\GetModule
2008-12-21 18:51:39 ----D---- C:\Program Files\iCheck
2008-12-21 18:51:05 ----A---- C:\WINDOWS\system32\~.exe
2008-12-12 14:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 14:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 14:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 21:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-08 22:13:26 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-12-08 22:13:25 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-12-08 22:12:52 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-06 22:04:23 ----A---- C:\WINDOWS\system32\winma77.dll
2008-12-02 09:48:07 ----D---- C:\Program Files\Microsoft Office
2008-11-23 21:53:37 ----D---- C:\Program Files\iPod
2008-11-23 21:53:05 ----D---- C:\Program Files\iTunes
2008-11-23 21:53:05 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-18 15:27:02 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-11-18 15:27:02 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-11-18 15:27:01 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-11-18 15:27:01 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-11-18 15:26:51 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-11-18 15:26:46 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-11-12 21:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-26 16:07:28 ----D---- C:\WINDOWS\Sun
2008-10-23 16:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 17:05:10 ----D---- C:\Program Files\Norton PC Checkup

======List of files/folders modified in the last 3 months======

2009-01-21 15:02:50 ----RD---- C:\Program Files
2009-01-21 14:45:58 ----D---- C:\WINDOWS\system32
2009-01-20 23:31:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-20 21:11:41 ----D---- C:\WINDOWS\Prefetch
2009-01-20 19:00:35 ----D---- C:\WINDOWS\Temp
2009-01-16 10:05:18 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 09:25:49 ----D---- C:\Program Files\Google
2009-01-16 09:25:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-16 09:24:51 ----SHD---- C:\WINDOWS\Installer
2009-01-15 18:27:44 ----AD---- C:\Program Files\FunWebProducts
2009-01-15 18:27:28 ----D---- C:\Program Files\Internet Explorer
2009-01-15 16:54:15 ----D---- C:\Program Files\Mozilla Firefox
2009-01-14 20:18:37 ----SH---- C:\boot.ini
2009-01-14 20:18:37 ----A---- C:\WINDOWS\win.ini
2009-01-14 20:18:37 ----A---- C:\WINDOWS\system.ini
2009-01-13 20:41:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 20:41:33 ----HD---- C:\WINDOWS\inf
2009-01-13 20:33:39 ----D---- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2009-01-13 20:30:29 ----D---- C:\WINDOWS\Registration
2009-01-13 19:22:49 ----D---- C:\WINDOWS\pss
2008-12-27 13:47:46 ----ASH---- C:\WINDOWS\system32\liwinise.dll
2008-12-27 13:47:44 ----ASH---- C:\WINDOWS\system32\meyagabu.dll
2008-12-24 14:23:26 ----ASH---- C:\WINDOWS\system32\sikizela.dll
2008-12-23 18:34:41 ----D---- C:\WINDOWS
2008-12-23 18:34:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-23 16:50:34 ----A---- C:\WINDOWS\system32\dewukobe.dll
2008-12-23 00:06:19 ----D---- C:\Program Files\MSN
2008-12-23 00:03:39 ----D---- C:\Program Files\Java
2008-12-22 11:01:47 ----SHD---- C:\RECYCLER
2008-12-21 19:08:54 ----ASH---- C:\WINDOWS\system32\yehifuni.dll
2008-12-21 18:52:41 ----SD---- C:\WINDOWS\Tasks
2008-12-17 22:17:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 22:16:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 14:20:18 ----A---- C:\WINDOWS\imsins.BAK
2008-12-08 22:13:24 ----D---- C:\Documents and Settings
2008-12-03 17:19:09 ----D---- C:\WINDOWS\Help
2008-11-18 15:29:54 ----RSD---- C:\WINDOWS\Fonts
2008-11-07 16:45:32 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-11-03 11:05:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-02 09:47:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 17:58:04 ----D---- C:\WINDOWS\network diagnostic
2008-10-23 04:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 02:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-22 18:06:26 ----D---- C:\WINDOWS\system32\Adobe
2008-10-22 17:50:41 ----D---- C:\WINDOWS\system32\Macromed
2008-10-22 17:05:20 ----D---- C:\Program Files\Common Files\Symantec Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2004-08-03 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2004-08-03 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinxsxx.sys [2004-08-03 63488]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081222.005\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081222.005\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCDCODEC;ATI WDM Specialized PCD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinpdxx.sys [2004-08-03 14336]
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-26 356096]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-23 152984]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-05-21 610304]
S4 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-05-21 32768]

-----------------EOF-----------------

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:19 AM

Posted 22 January 2009 - 03:44 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)



Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\tasks\vszrgfqp.job
    C:\WINDOWS\system32\jezosudo.dll
    C:\WINDOWS\system32\dgysim.dll
    C:\WINDOWS\system32\tuvTkkkk.dll
    C:\WINDOWS\system32\qoMeDwXN.dll 
    C:\WINDOWS\system32\winma77.dll
    C:\WINDOWS\system32\fonoriga.dll
    C:\Documents and Settings\Administrator\Local Settings\temp\1ab9ca79hpca79a.exe
    C:\WINDOWS\system32\liwinise.dll
    C:\Program Files\GetModule
    C:\WINDOWS\system32\prunnet.exe
    C:\Documents and Settings\backup\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    C:\WINDOWS\system32\nezusena.dll
    C:\WINDOWS\system32\winscenter.exe
    C:\Program Files\MyWebSearch
    C:\WINDOWS\system32\zaworido.dll.tmp
    C:\WINDOWS\system32\sevikuji.dll.tmp
    C:\WINDOWS\system32\pivetupa.dll
    C:\WINDOWS\system32\nomajuzu.dll
    C:\WINDOWS\system32\nezusena.dll
    C:\WINDOWS\system32\jezosudo.dll
    C:\WINDOWS\system32\hozirave.dll
    C:\WINDOWS\system32\fonoriga.dll
    C:\WINDOWS\system32\duvotihe.dll
    C:\WINDOWS\system32\popiwoba.exe
    C:\WINDOWS\system32\abnttnuy.ini
    C:\WINDOWS\system32\yunttnba.dll
    C:\WINDOWS\system32\dgysim.dll
    C:\WINDOWS\system32\stlehcvf.dll
    C:\WINDOWS\system32\etmwsa.dll
    C:\WINDOWS\system32\xdusfoig.dll
    C:\WINDOWS\system32\awxvikdv.ini
    C:\WINDOWS\system32\zzbzsh.dll
    C:\WINDOWS\system32\hflbdwhf.dll
    C:\WINDOWS\system32\jkmftxyv.ini
    C:\WINDOWS\system32\vyxtfmkj.dll
    C:\WINDOWS\system32\aanxqynl.ini
    C:\WINDOWS\system32\lnyqxnaa.dll
    C:\WINDOWS\system32\gkyfwt.dll
    C:\WINDOWS\system32\csyrvetw.dll
    C:\WINDOWS\system32\esiniwil.ini
    C:\WINDOWS\system32\nylxse.dll
    C:\WINDOWS\system32\uuttdxlj.dll
    C:\WINDOWS\system32\mfdskdfc.ini
    C:\WINDOWS\system32\cfdksdfm.dll
    C:\WINDOWS\system32\winscenter.exe
    C:\WINDOWS\vmreg.dll
    C:\WINDOWS\reged.exe
    C:\WINDOWS\sysexplorer.exe
    C:\WINDOWS\syscert.exe
    C:\WINDOWS\sys.com
    C:\WINDOWS\spoolsystem.exe
    C:\Documents and Settings\All Users\Application Data\svhost.exe
    C:\WINDOWS\system32\rpuisn.dll
    C:\WINDOWS\system32\whiklcxl.dll
    C:\WINDOWS\system32\nkyfnran.ini
    C:\WINDOWS\system32\narnfykn.dll
    C:\WINDOWS\system32\itugozav.ini
    C:\WINDOWS\system32\mnhaivyh.ini
    C:\WINDOWS\system32\hyviahnm.dll
    C:\WINDOWS\system32\53209c7c-.txt
    C:\WINDOWS\system32\kkkkTvut.ini2
    C:\WINDOWS\system32\kkkkTvut.ini
    C:\WINDOWS\system32\tuvTkkkk.dll
    C:\WINDOWS\system32\qoMeDwXN.dll
    C:\Program Files\GetModule
    C:\Program Files\iCheck
    C:\WINDOWS\system32\~.exe
    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    C:\WINDOWS\system32\liwinise.dll
    C:\WINDOWS\system32\meyagabu.dll
    C:\WINDOWS\system32\sikizela.dll
    C:\WINDOWS\system32\dewukobe.dll
    C:\WINDOWS\system32\yehifuni.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f992e85-dfe6-40bf-88de-4aec67e72d07}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d50982f-3944-4b3f-b255-d5da07140a9f}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{693B1006-735E-4B8C-A608-74B652709343}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D280C9E4-1464-4E08-9410-106B90FC79B3}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "digadeyake"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Installer"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58035802]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule32]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^backup^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDwXN]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE"=-
    "C:\WINDOWS\system32\winscenter.exe"=-
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
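The RSIT log in the previous reply shows the persistence points fenzodahl512's OTMoveIt3 script clears: a non-empty AppInit_DLLs value, a Winlogon Notify DLL, extra entries appended to the LSA authentication and notification package lists, and Run entries pointing at a Temp folder or at system32 files whose timestamps RSIT could not read. The Python below is an added example, not RSIT or OTMoveIt3 code and not part of this thread; it parses a constructed excerpt of that log and flags those patterns so an analyst can review them before writing a fix. The heuristics, the category names, the assumed XP defaults for the LSA package lists (msv1_0 and scecli) and the trimmed SAMPLE_LOG are all the example's own assumptions.

```python
# Added example for this thread, not RSIT or OTMoveIt3 code: parse an RSIT log's registry
# and "created" sections and flag the persistence patterns seen above. The heuristics,
# category names, XP LSA defaults and the trimmed SAMPLE_LOG below are constructed.
import re
from datetime import datetime
from ntpath import basename  # Windows path semantics regardless of host OS
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"digadeyake"=C:\WINDOWS\system32\fonoriga.dll [65535-65535-31889 61679]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Installer"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1ab9ca79hpca79a.exe [2008-12-22 86027]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\WINDOWS\system32\nezusena.dll dgysim.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-05-21 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDwXN]
C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvTkkkk
"notification packages"=scecli
C:\WINDOWS\system32\nezusena.dll
======List of files/folders created in the last 3 months======
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nezusena.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fonoriga.dll
2009-01-21 14:45:58 ----SH---- C:\WINDOWS\system32\popiwoba.exe
2008-12-21 18:51:53 ----A---- C:\WINDOWS\system32\qoMeDwXN.dll
======List of files/folders modified in the last 3 months======
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
NAMED_RE = re.compile(r'^"([^"]*)"=(.*)$')                        # "name"=data
FILE_RE = re.compile(r"^(\S+)\s+\S+\s+-*([A-Z]*)-*\s+(.+?)\s*$")  # date time attrs path
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s\[\]"]+')                   # first image path in a value
LSA_DEFAULTS = {"authentication packages": {"msv1_0"}, "notification packages": {"scecli"}}

def valid_date(text):
    try:
        return bool(datetime.strptime(text, "%Y-%m-%d"))
    except ValueError:
        return False  # e.g. 65535-65535-31889: RSIT could not read the timestamp

def parse_rsit(text):
    registry, files, key, in_created = {}, [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("======"):                # section header
            in_created, key = "created in the last" in line, None
        elif in_created:
            if m := FILE_RE.match(line):
                files.append(m.groups())             # (date, attrs, path)
        elif m := KEY_RE.match(line):
            key = m.group(1)
            registry.setdefault(key, [])
        elif key is not None:                        # "name"=data, or a bare multi-string element
            m = NAMED_RE.match(line)
            registry[key].append(m.groups() if m else (None, line))
    return registry, files

def triage(registry, files):
    """Return (category, item, reason) tuples in log order."""
    findings, suspect = [], {}
    for date, attrs, path in files:
        low = path.lower()
        if not valid_date(date):
            suspect[basename(low)] = "corrupt timestamp"
        elif {"S", "H"} <= set(attrs) and "D" not in attrs and low.startswith("c:\\windows\\system32\\"):
            suspect[basename(low)] = "hidden+system file in system32"
    findings += [("file", n, r) for n, r in suspect.items()]
    created = {basename(p.lower()) for _, _, p in files}
    for key, entries in registry.items():
        k = key.lower()
        if k.endswith("\\windows nt\\currentversion\\windows"):
            for name, data in entries:              # AppInit_DLLs is loaded into every GUI process
                if name and name.lower() == "appinit_dlls" and data.strip('" ,'):
                    findings.append(("appinit", data.strip('" ,'), "AppInit_DLLs is set"))
        elif k.endswith("\\control\\lsa"):
            current = None
            for name, data in entries:              # bare lines continue the previous REG_MULTI_SZ
                if name:
                    current = name.lower()
                    if data.lower() not in LSA_DEFAULTS.get(current, set()):
                        findings.append((current, data, "non-default package"))
                elif current:
                    findings.append((current, data, "extra package appended"))
        else:                                        # Run keys, Winlogon\Notify and the like
            for p in filter(None, (PATH_RE.search(d) for _, d in entries)):
                image, fname = p.group(0), basename(p.group(0).lower())
                if "\\temp\\" in image.lower():
                    findings.append(("autostart", image, "runs from a Temp folder"))
                elif fname in suspect:
                    findings.append(("autostart", image, suspect[fname]))
                elif "\\winlogon\\notify\\" in k and fname in created:
                    findings.append(("autostart", image, "Winlogon Notify DLL created recently"))
    return findings

if __name__ == "__main__":
    print(*triage(*parse_rsit(SAMPLE_LOG)), sep="\n")
```

`parse_rsit` returns the registry section as a dict of key to `(name, data)` pairs, with bare lines (the way RSIT prints each element of a REG_MULTI_SZ such as the LSA package lists) kept as unnamed entries, plus the "created" file list as `(date, attrs, path)` tuples. `triage` then cross-references the two rather than flagging autostart locations wholesale: NavLogon.dll sits in the same Winlogon\Notify key as qoMeDwXN.dll but is not reported, because it is neither recently created nor hidden nor carrying a corrupt timestamp. That is the point of the exercise, and also its limit; the heuristics catch the patterns visible in this log and nothing else, so a clean result is a reason to keep reading the log, not to stop.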


#11 marklopez

marklopez
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:19 PM

Posted 22 January 2009 - 10:20 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\tasks\vszrgfqp.job not found.
File/Folder C:\WINDOWS\system32\jezosudo.dll not found.
File/Folder C:\WINDOWS\system32\dgysim.dll not found.
File/Folder C:\WINDOWS\system32\tuvTkkkk.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qoMeDwXN.dll
C:\WINDOWS\system32\qoMeDwXN.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\qoMeDwXN.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\winma77.dll not found.
File/Folder C:\WINDOWS\system32\fonoriga.dll not found.
File/Folder C:\Documents and Settings\Administrator\Local Settings\temp\1ab9ca79hpca79a.exe not found.
File/Folder C:\WINDOWS\system32\liwinise.dll not found.
File/Folder C:\Program Files\GetModule not found.
File/Folder C:\WINDOWS\system32\prunnet.exe not found.
File/Folder C:\Documents and Settings\backup\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe not found.
File/Folder C:\WINDOWS\system32\nezusena.dll not found.
File/Folder C:\WINDOWS\system32\winscenter.exe not found.
File/Folder C:\Program Files\MyWebSearch not found.
File/Folder C:\WINDOWS\system32\zaworido.dll.tmp not found.
File/Folder C:\WINDOWS\system32\sevikuji.dll.tmp not found.
File/Folder C:\WINDOWS\system32\pivetupa.dll not found.
File/Folder C:\WINDOWS\system32\nomajuzu.dll not found.
File/Folder C:\WINDOWS\system32\nezusena.dll not found.
File/Folder C:\WINDOWS\system32\jezosudo.dll not found.
File/Folder C:\WINDOWS\system32\hozirave.dll not found.
File/Folder C:\WINDOWS\system32\fonoriga.dll not found.
File/Folder C:\WINDOWS\system32\duvotihe.dll not found.
File/Folder C:\WINDOWS\system32\popiwoba.exe not found.
File/Folder C:\WINDOWS\system32\abnttnuy.ini not found.
File/Folder C:\WINDOWS\system32\yunttnba.dll not found.
File/Folder C:\WINDOWS\system32\dgysim.dll not found.
File/Folder C:\WINDOWS\system32\stlehcvf.dll not found.
File/Folder C:\WINDOWS\system32\etmwsa.dll not found.
File/Folder C:\WINDOWS\system32\xdusfoig.dll not found.
File/Folder C:\WINDOWS\system32\awxvikdv.ini not found.
File/Folder C:\WINDOWS\system32\zzbzsh.dll not found.
File/Folder C:\WINDOWS\system32\hflbdwhf.dll not found.
File/Folder C:\WINDOWS\system32\jkmftxyv.ini not found.
File/Folder C:\WINDOWS\system32\vyxtfmkj.dll not found.
File/Folder C:\WINDOWS\system32\aanxqynl.ini not found.
File/Folder C:\WINDOWS\system32\lnyqxnaa.dll not found.
File/Folder C:\WINDOWS\system32\gkyfwt.dll not found.
File/Folder C:\WINDOWS\system32\csyrvetw.dll not found.
File/Folder C:\WINDOWS\system32\esiniwil.ini not found.
File/Folder C:\WINDOWS\system32\nylxse.dll not found.
File/Folder C:\WINDOWS\system32\uuttdxlj.dll not found.
File/Folder C:\WINDOWS\system32\mfdskdfc.ini not found.
File/Folder C:\WINDOWS\system32\cfdksdfm.dll not found.
File/Folder C:\WINDOWS\system32\winscenter.exe not found.
File/Folder C:\WINDOWS\vmreg.dll not found.
File/Folder C:\WINDOWS\reged.exe not found.
File/Folder C:\WINDOWS\sysexplorer.exe not found.
File/Folder C:\WINDOWS\syscert.exe not found.
File/Folder C:\WINDOWS\sys.com not found.
File/Folder C:\WINDOWS\spoolsystem.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\svhost.exe not found.
File/Folder C:\WINDOWS\system32\rpuisn.dll not found.
File/Folder C:\WINDOWS\system32\whiklcxl.dll not found.
File/Folder C:\WINDOWS\system32\nkyfnran.ini not found.
File/Folder C:\WINDOWS\system32\narnfykn.dll not found.
File/Folder C:\WINDOWS\system32\itugozav.ini not found.
File/Folder C:\WINDOWS\system32\mnhaivyh.ini not found.
File/Folder C:\WINDOWS\system32\hyviahnm.dll not found.
File/Folder C:\WINDOWS\system32\53209c7c-.txt not found.
File/Folder C:\WINDOWS\system32\kkkkTvut.ini2 not found.
File/Folder C:\WINDOWS\system32\kkkkTvut.ini not found.
File/Folder C:\WINDOWS\system32\tuvTkkkk.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qoMeDwXN.dll
C:\WINDOWS\system32\qoMeDwXN.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\qoMeDwXN.dll scheduled to be moved on reboot.
File/Folder C:\Program Files\GetModule not found.
File/Folder C:\Program Files\iCheck not found.
File/Folder C:\WINDOWS\system32\~.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} not found.
File/Folder C:\WINDOWS\system32\liwinise.dll not found.
File/Folder C:\WINDOWS\system32\meyagabu.dll not found.
File/Folder C:\WINDOWS\system32\sikizela.dll not found.
File/Folder C:\WINDOWS\system32\dewukobe.dll not found.
File/Folder C:\WINDOWS\system32\yehifuni.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f992e85-dfe6-40bf-88de-4aec67e72d07}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d50982f-3944-4b3f-b255-d5da07140a9f}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{693B1006-735E-4B8C-A608-74B652709343}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D280C9E4-1464-4E08-9410-106B90FC79B3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D280C9E4-1464-4E08-9410-106B90FC79B3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\digadeyake deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Installer not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\58035802\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule32\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^backup^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDwXN\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winscenter.exe deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_790.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01222009_165618



==================================================================================


Logfile of random's system information tool 1.05 (written by random/random)
Run by backup at 2009-01-22 17:05:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (35%) free of 38 GB
Total RAM: 1024 MB (77% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3892d097-b098-438a-8b7e-b07a3a8c278e}]
C:\WINDOWS\system32\ipxcff.dll [2009-01-22 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A989F6FC-31A6-4508-88EA-57541ABAC93E}]
C:\WINDOWS\system32\tuvTkkkk.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-23 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-23 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-05-21 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
E:\Microsoft Office\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2
"TermService"=3
"TapiSrv"=3
"lanmanserver"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-05-21 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDwXN]
C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\DivX\DivX Converter\Converter.exe"="C:\Program Files\DivX\DivX Converter\Converter.exe:*:Disabled:Converter"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-22 16:42:10 ----D---- C:\_OTMoveIt
2009-01-22 15:08:36 ----ASH---- C:\WINDOWS\system32\ggdptvnh.ini
2009-01-22 15:08:30 ----A---- C:\WINDOWS\system32\hnvtpdgg.dll
2009-01-22 15:08:28 ----A---- C:\WINDOWS\system32\ipxcff.dll
2009-01-22 15:08:27 ----A---- C:\WINDOWS\system32\yhhnrxcf.dll
2009-01-22 14:34:29 ----ASH---- C:\WINDOWS\system32\feyajute.exe
2009-01-21 15:02:50 ----D---- C:\Program Files\trend micro
2009-01-21 15:02:45 ----D---- C:\rsit
2009-01-14 18:23:43 ----D---- C:\Program Files\HijackThis
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\java.exe
2008-12-23 00:05:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-22 15:28:08 ----D---- C:\ProgramData
2008-12-22 15:28:08 ----D---- C:\Program Files\Angle Interactive
2008-12-22 13:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
2008-12-21 18:51:53 ----A---- C:\WINDOWS\system32\qoMeDwXN.dll
2008-12-12 14:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 14:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 14:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 21:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-08 22:12:52 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-02 09:48:07 ----D---- C:\Program Files\Microsoft Office
2008-11-23 21:53:37 ----D---- C:\Program Files\iPod
2008-11-23 21:53:05 ----D---- C:\Program Files\iTunes
2008-11-18 15:27:02 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-11-18 15:27:02 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-11-18 15:27:01 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-11-18 15:27:01 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-11-18 15:26:51 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-11-18 15:26:46 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-11-12 21:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-26 16:07:28 ----D---- C:\WINDOWS\Sun
2008-10-26 16:07:28 ----D---- C:\Documents and Settings\backup\Application Data\Sun
2008-10-23 16:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-22 17:01:46 ----SH---- C:\boot.ini
2009-01-22 17:01:46 ----A---- C:\WINDOWS\win.ini
2009-01-22 17:01:46 ----A---- C:\WINDOWS\system.ini
2009-01-22 17:01:28 ----D---- C:\WINDOWS\Temp
2009-01-22 17:00:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-22 16:43:00 ----D---- C:\WINDOWS\system32
2009-01-22 16:42:51 ----RD---- C:\Program Files
2009-01-22 16:42:42 ----D---- C:\WINDOWS
2009-01-22 16:42:11 ----SD---- C:\WINDOWS\Tasks
2009-01-22 15:16:17 ----SHD---- C:\WINDOWS\Installer
2009-01-22 15:08:41 ----D---- C:\WINDOWS\Prefetch
2009-01-22 15:02:46 ----D---- C:\Program Files\Yahoo!
2009-01-16 10:05:18 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 09:25:49 ----D---- C:\Program Files\Google
2009-01-16 09:25:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-15 18:27:44 ----AD---- C:\Program Files\FunWebProducts
2009-01-15 18:27:28 ----D---- C:\Program Files\Internet Explorer
2009-01-15 16:54:15 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 20:41:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 20:41:33 ----HD---- C:\WINDOWS\inf
2009-01-13 20:33:39 ----D---- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2009-01-13 20:30:29 ----D---- C:\WINDOWS\Registration
2009-01-13 19:22:49 ----D---- C:\WINDOWS\pss
2008-12-23 18:34:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-23 00:06:19 ----D---- C:\Program Files\MSN
2008-12-23 00:03:39 ----D---- C:\Program Files\Java
2008-12-22 11:01:47 ----SHD---- C:\RECYCLER
2008-12-17 22:17:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 22:16:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 14:20:18 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 16:41:05 ----D---- C:\Documents and Settings\backup\Application Data\Mozilla
2008-12-08 22:13:24 ----D---- C:\Documents and Settings
2008-12-03 17:19:09 ----D---- C:\WINDOWS\Help
2008-11-23 21:59:36 ----D---- C:\Documents and Settings\backup\Application Data\LimeWire
2008-11-18 15:29:54 ----RSD---- C:\WINDOWS\Fonts
2008-11-07 16:45:32 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-11-03 11:05:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-02 09:47:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 17:58:04 ----D---- C:\WINDOWS\network diagnostic
2008-10-23 04:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 02:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
R3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 104960]
R3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2004-08-03 73216]
R3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2004-08-03 52224]
R3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinxsxx.sys [2004-08-03 63488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824]
R3 PCDCODEC;ATI WDM Specialized PCD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinpdxx.sys [2004-08-03 14336]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081222.005\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081222.005\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-26 356096]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-23 152984]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-05-21 610304]
S4 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-05-21 32768]

-----------------EOF-----------------

#12 fenzodahl512


  • Members
  • 6,738 posts

Posted 23 January 2009 - 07:08 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 marklopez

  • Topic Starter

  • Members
  • 7 posts

Posted 23 January 2009 - 12:41 PM

Unfortunately ComboFix still doesn't run.

#14 fenzodahl512


  • Members
  • 6,738 posts

Posted 23 January 2009 - 06:38 PM

Repeat the OTMoveIt3 step but this time with the script below.. Post the log here after that..

:processes
explorer.exe

:services

:files
C:\WINDOWS\system32\ipxcff.dll
C:\WINDOWS\system32\qoMeDwXN.dll
C:\WINDOWS\system32\tuvTkkkk.dll
C:\WINDOWS\system32\ggdptvnh.ini
C:\WINDOWS\system32\hnvtpdgg.dll
C:\WINDOWS\system32\yhhnrxcf.dll
C:\WINDOWS\system32\feyajute.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3892d097-b098-438a-8b7e-b07a3a8c278e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A989F6FC-31A6-4508-88EA-57541ABAC93E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDwXN]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


Run RSIT again and post both the OTMoveIt3 log and the RSIT log.txt here.


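The files and keys in the script above follow directly from the RSIT registry dump posted earlier in the thread: modules registered under Browser Helper Objects, Winlogon\Notify and ShellExecuteHooks that live in system32, carry no vendor description and were created in the preceding weeks, plus a BHO key with no module behind it. As an added example, not code from the thread, RSIT or OTMoveIt3, the following Python triage parses an RSIT-style registry dump (a constructed sample copying the format above), applies that rule, and renders the matching :files and :reg lines in the OTMoveIt3 syntax used in this post; the cutoff date, the marker list and the rule itself are assumptions.

```python
r"""Triage an RSIT-style registry dump for suspicious autostart entries.
Added example, not code from the thread, RSIT or OTMoveIt3. The heuristics are
assumptions modelled on this thread's log: a module under a persistence key (BHO,
Winlogon\Notify, ShellExecuteHooks) is flagged when it sits in system32, has no
vendor description, and is newer than a cutoff or has no version info ("[]");
a BHO key with no module line is flagged as orphaned."""
import re
from datetime import date

CUTOFF = date(2008, 12, 1)  # constructed: modules created on or after this count as recent
PERSISTENCE_MARKERS = ("browser helper objects", r"winlogon\notify", "shellexecutehooks")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^(?:"(?P<name>[^"]*)"=)?(?:(?P<desc>.*?) - )?'  # "{CLSID}"= prefix; vendor description
    r"(?P<path>[A-Za-z]:\\.*?)"                       # module path, possibly with arguments
    r" \[(?P<created>\d{4}-\d{2}-\d{2})?\s?\d*\]$")   # [date size], or [] when RSIT can't read it

# Constructed sample, modelled on the RSIT "Registry dump" lines posted in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3892d097-b098-438a-8b7e-b07a3a8c278e}]
C:\WINDOWS\system32\ipxcff.dll [2009-01-22 129024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(TM) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A989F6FC-31A6-4508-88EA-57541ABAC93E}]
C:\WINDOWS\system32\tuvTkkkk.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-05-21 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDwXN]
C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\qoMeDwXN.dll [2008-12-21 34816]
"""

def parse_registry_dump(text):
    """Yield (key, entry) pairs; entry is None for a key that lists no module."""
    key, seen = None, True
    for line in text.splitlines():
        if (k := KEY_RE.match(line)):
            if not seen:
                yield key, None
            key, seen = k.group("key"), False
        elif key and (e := ENTRY_RE.match(line)):
            seen, c = True, e.group("created")
            yield key, {"name": e.group("name"), "desc": e.group("desc") or "",
                        "path": e.group("path"), "created": date.fromisoformat(c) if c else None}
    if not seen:
        yield key, None

def triage(text, cutoff=CUTOFF):
    """Return [(key, entry, reason)] for persistence entries worth a second look."""
    out = []
    for key, entry in parse_registry_dump(text):
        if not any(m in key.lower() for m in PERSISTENCE_MARKERS):
            continue
        if entry is None:
            if "browser helper objects" in key.lower():
                out.append((key, None, "orphaned BHO key with no module"))
        elif (entry["path"].lower().startswith("c:\\windows\\system32\\") and not entry["desc"]
              and (entry["created"] is None or entry["created"] >= cutoff)):
            out.append((key, entry, f"unnamed system32 module ({entry['created'] or 'no version info'})"))
    return out

def otmoveit_sections(findings):
    """Render findings as the :files and :reg lines of an OTMoveIt3 script."""
    files = sorted({e["path"] for _, e, _ in findings if e})
    reg = []
    for key, e, _ in findings:  # hook values are removed with "value"=-, whole keys with [-key]
        reg += [f"[{key}]", f'"{e["name"]}"=-'] if "shellexecutehooks" in key.lower() else [f"[-{key}]"]
    return [":files", *files, "", ":reg", *reg]
```

On the sample, the Java helper (has a description) and NavLogon.dll (dated 2003) are left alone, while the three unnamed recent DLLs, the orphaned BHO key and the ShellExecuteHooks value are reported.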

#15 fenzodahl512


  • Members
  • 6,738 posts

Posted 05 February 2009 - 03:40 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

