Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Serious Computer Problems: Need Urgent Help!


  • This topic is locked This topic is locked
14 replies to this topic

#1 Beastolizer

Beastolizer

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 29 January 2009 - 11:12 PM

Hello all, I have been having a real tough time lately with my computer. It has been starting up fine but after either getting to the user select screen, or after I have selected a user, the computer will just freeze. I'm not sure what was doing this but it occured for about a week or so before I was able to actually successfully log into my user account. Upon logging in, I was hit with a slow connection along with pop-ups, and a bundle of other things I can't explain because of my low computer knowledge. Anyhow, I have discovered traces of virtumonde (or w/e thats called), some trojans, and altnet to be on my computer after running malwarebytes malware removal and SpyBot search and Destroy. Neither option has been able to successfully remove my problem(s), so thats when I came here. Now, I have prepared a HiJackThis log and pasted it below. I would GREATLY appreciate any help that anyone could give me. I understand whoever helps me is doing this for free, and I want to personnally thank you for taking time out of your day to help someone you don't even know. So once again, I say Thank You SO much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:42 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Dkisoju] rundll32.exe "C:\WINDOWS\ojebehavaqegayux.dll",e
O4 - HKLM\..\Run: [Oluli] rundll32.exe "C:\WINDOWS\Mvuyogomus.dll",e
O4 - HKLM\..\Run: [vihisagadi] Rundll32.exe "C:\WINDOWS\system32\pewekasi.dll",s
O4 - HKLM\..\Run: [CPMf3075b31] Rundll32.exe "c:\windows\system32\yupabeda.dll",a
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [f03468ad] rundll32.exe "C:\WINDOWS\system32\tnqbhhae.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [vihisagadi] Rundll32.exe "C:\WINDOWS\system32\pewekasi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vihisagadi] Rundll32.exe "C:\WINDOWS\system32\pewekasi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\DOWNLO~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\DOWNLO~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\peter engquist\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\zitosaba.dll c:\windows\system32\yupabeda.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yupabeda.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yupabeda.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 11371 bytes

BC AdBot (Login to Remove)

 


#2 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 29 January 2009 - 11:54 PM

bump.

#3 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 30 January 2009 - 05:55 PM

still need help :thumbup2:

#4 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 31 January 2009 - 03:26 PM

not sure why I haven't been helped when people that just make a post are being helped?

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 02 February 2009 - 05:58 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 05 February 2009 - 08:51 PM

Here is my Malwarebytes Anti-Malware File:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/5/2009 5:40:22 PM
mbam-log-2009-02-05 (17-40-22).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|I:\|)
Objects scanned: 133771
Time elapsed: 1 hour(s), 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4fa1cc63-ecbc-4666-9adc-80fbdd9355b9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0149c3a2-7da3-4b41-80ea-749df46ca8bd} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulhbvoso (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ulhbvoso (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ulhbvoso (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ulhbvoso (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svvngzbf (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svvngzbf (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\svvngzbf (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svvngzbf (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f06e3498-7266-292f-3508-96c845e3a78f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f06e3498-7266-292f-3508-96c845e3a78f} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vihisagadi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f03468ad (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf3075b31 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dkisoju (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oluli (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\peter engquist\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\peter engquist\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\peter engquist\Local Settings\Temp\seneka9077.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rcfoffek.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\konkdsuy.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\peter engquist\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ojebehavaqegayux.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Mvuyogomus.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekagskdlsmk.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\senekavkaprkrj.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{be24d6d6-8fdc-35f6-c21e-5fd5cbf95398}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dewukobe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kedohugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnOeDs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nunoloje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sokogufe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\volorume.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\feyiloto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf3075b31.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf3075b31.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nst4D.dll (Adware.BHO) -> Quarantined and deleted successfully.

#7 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 05 February 2009 - 08:53 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by peter engquist at 2009-02-05 17:46:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 81 GB (86%) free of 94 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:31 PM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\peter engquist\Desktop\Computer Cleaner\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\peter engquist.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0149c3a2-7da3-4b41-80ea-749df46ca8bd} - (no file)
O2 - BHO: (no name) - {4b587a3d-3dce-4942-a20d-ac4cd49f32e1} - (no file)
O2 - BHO: (no name) - {4FA1CC63-ECBC-4666-9ADC-80FBDD9355B9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68a21b3a-25c0-49d7-ab61-0be94a043319} - (no file)
O2 - BHO: (no name) - {6a752f32-0ea6-4b55-bc85-64f9d58b1f15} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {7355F214-890F-45C1-ACBA-A170E6FF014D} - (no file)
O2 - BHO: (no name) - {74934910-54F8-40E7-B264-F8535AEC53C4} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {B7A8538C-40D6-4401-9F5B-6F1C221D0B23} - (no file)
O2 - BHO: (no name) - {C5FED44F-B652-4B13-BBD0-7BB800798D13} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f06e3498-7266-292f-3508-96c845e3a78f} - (no file)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Dkisoju] rundll32.exe "C:\WINDOWS\ojebehavaqegayux.dll",e
O4 - HKLM\..\Run: [Oluli] rundll32.exe "C:\WINDOWS\Mvuyogomus.dll",e
O4 - HKLM\..\Run: [vihisagadi] Rundll32.exe "C:\WINDOWS\system32\retupodi.dll",s
O4 - HKLM\..\Run: [f03468ad] rundll32.exe "C:\WINDOWS\system32\teteripe.dll",b
O4 - HKLM\..\Run: [CPMf3075b31] Rundll32.exe "c:\windows\system32\zepepewa.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [vihisagadi] Rundll32.exe "C:\WINDOWS\system32\retupodi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vihisagadi] Rundll32.exe "C:\WINDOWS\system32\retupodi.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\DOWNLO~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\DOWNLO~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\peter engquist\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ghjefe.dll ,
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awtQjHYp - awtQjHYp.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 12637 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\bxlagzor.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672644582-2644259186-942823671-1006.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0149c3a2-7da3-4b41-80ea-749df46ca8bd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b587a3d-3dce-4942-a20d-ac4cd49f32e1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FA1CC63-ECBC-4666-9ADC-80FBDD9355B9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68a21b3a-25c0-49d7-ab61-0be94a043319}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a752f32-0ea6-4b55-bc85-64f9d58b1f15}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7355F214-890F-45C1-ACBA-A170E6FF014D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74934910-54F8-40E7-B264-F8535AEC53C4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVGTOOLBAR - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-09 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7A8538C-40D6-4401-9F5B-6F1C221D0B23}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5FED44F-B652-4B13-BBD0-7BB800798D13}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f06e3498-7266-292f-3508-96c845e3a78f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVGTOOLBAR - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-09 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /installquiet []
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-03-11 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-02-14 88107]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-17 155648]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-13 110592]
"IntelliPoint"=C:\Program Files\Microsoft Hardware\Mouse\point32.exe [2002-08-29 172032]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-09 1601304]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2008-09-12 160160]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe []
"IntelliType"=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe []
"Dkisoju"=C:\WINDOWS\ojebehavaqegayux.dll []
"Oluli"=C:\WINDOWS\Mvuyogomus.dll []
"vihisagadi"=C:\WINDOWS\system32\retupodi.dll []
"f03468ad"=C:\WINDOWS\system32\teteripe.dll []
"CPMf3075b31"=c:\windows\system32\zepepewa.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Google Update"=C:\Documents and Settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 133104]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1 []
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf3075b31]
C:\WINDOWS\system32\nvyyewdq.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxtrans]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f03468ad]
C:\WINDOWS\system32\ihuihrei.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" ghjefe.dll , "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-09 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtQjHYp]
awtQjHYp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, digest.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\download\Music download\Morpheus\LimeWire\LimeWire.exe"="D:\download\Music download\Morpheus\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Downloads\Office12\ONENOTE.EXE"="D:\Downloads\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\!KillBox\tgcmd.exe"="C:\!KillBox\tgcmd.exe:*:Enabled:tgcmd Module"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\download\Music download\Morpheus\Limewire\Everything Else\LimeWire\LimeWire.exe"="D:\download\Music download\Morpheus\Limewire\Everything Else\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\download\Music download\Morpheus\utorrent\utorrent.exe"="D:\download\Music download\Morpheus\utorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.bat - edit -
.cmd - edit -
.inf - open -
.ini - open - notepad.exe %1
.js - edit -
.js - open - NOTEPAD.EXE %1
.reg - edit -
.txt - open - notepad.exe %1
.vbs - edit -
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\zoretayo.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\zizatewa.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\yuniyuzi.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\wikufalu.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\vivodiha.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\sefoseyo.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\romabotu.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\rezalefe.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\petonuho.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\nisejeti.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\nidizowe.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\nebumefo.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\mikolobe.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\mebarepo.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\kuwalobe.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\kulofuvo.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\kagohaku.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\jutunaja.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\jogihuju.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\jelipeya.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\hevesopa.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\hetuyevo.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\hegepihu.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\fuhaleke.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\domemaha.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\bekoduya.dll
65535-65535-31889 379:31889:443 ----ASHC---- C:\WINDOWS\system32\bakivige.dll
2009-02-05 17:46:13 ----DC---- C:\rsit
2009-02-04 20:21:16 ----ASHC---- C:\WINDOWS\system32\yqgbst.dll
2009-02-02 20:54:33 ----ASHC---- C:\WINDOWS\system32\yewtcj.dll
2009-02-01 13:23:04 ----ASHC---- C:\WINDOWS\system32\tsoggf.dll
2009-01-31 13:50:57 ----AC---- C:\WINDOWS\system32\b2407dd5-7e09-45c4-ae6a-e6d973de72b3.exe
2009-01-31 13:31:37 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-01-31 12:10:38 ----ASHC---- C:\WINDOWS\system32\iybfne.dll
2009-01-30 15:54:54 ----AC---- C:\WINDOWS\system32\bfdtaf.dll
2009-01-29 14:44:56 ----AC---- C:\WINDOWS\system32\Incinerator.dll
2009-01-29 14:44:53 ----AC---- C:\WINDOWS\system32\smrgdf.exe
2009-01-29 14:44:53 ----AC---- C:\WINDOWS\system32\iolobtdfg.exe
2009-01-29 14:44:50 ----DC---- C:\Program Files\iolo
2009-01-29 14:32:06 ----AC---- C:\WINDOWS\system32\henvgd.dll
2009-01-29 14:32:03 ----AC---- C:\WINDOWS\system32\mnrbbpiq.dll
2009-01-29 14:30:58 ----AC---- C:\WINDOWS\system32\mfc45.dll
2009-01-29 14:29:15 ----DC---- C:\Documents and Settings\peter engquist\Application Data\iolo
2009-01-29 14:29:15 ----DC---- C:\Documents and Settings\All Users\Application Data\iolo
2009-01-29 14:26:33 ----AC---- C:\WINDOWS\system32\vpomyy.dll
2009-01-29 14:21:47 ----ASHC---- C:\WINDOWS\system32\ytubqj.dll
2009-01-23 17:26:19 ----ASHC---- C:\WINDOWS\system32\hjxigp.dll
2009-01-22 16:01:04 ----AC---- C:\WINDOWS\system32\vvszxv.dll
2009-01-22 16:00:59 ----AC---- C:\WINDOWS\system32\fcevhenk.dll
2009-01-22 14:12:30 ----ASHC---- C:\WINDOWS\system32\nhtboy.dll
2009-01-21 13:41:04 ----AC---- C:\WINDOWS\system32\998.exe
2009-01-20 14:45:52 ----AC---- C:\WINDOWS\system32\marggv.dll
2009-01-20 14:45:42 ----AC---- C:\WINDOWS\system32\cidcrstb.dll
2009-01-19 20:45:51 ----AC---- C:\WINDOWS\system32\bpbihr.dll
2009-01-19 20:45:40 ----AC---- C:\WINDOWS\system32\aqonlkpn.dll
2009-01-19 16:39:27 ----AC---- C:\WINDOWS\system32\chert5-998.exe
2009-01-19 16:38:35 ----AC---- C:\WINDOWS\system32\hgGvsqoP.dll
2009-01-19 16:32:45 ----AC---- C:\WINDOWS\system32\sikirh.dll
2009-01-19 16:32:40 ----AC---- C:\WINDOWS\system32\uujanmei.dll
2009-01-19 16:32:29 ----AC---- C:\WINDOWS\system32\pmnKExVo.dll
2009-01-19 16:30:10 ----AC---- C:\WINDOWS\system32\fb17acd3-.txt
2009-01-13 22:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-04 18:07:25 ----DC---- C:\Documents and Settings\peter engquist\Application Data\LimeWire
2008-12-31 01:47:38 ----AC---- C:\WINDOWS\system32\javaws.exe
2008-12-31 01:47:38 ----AC---- C:\WINDOWS\system32\javaw.exe
2008-12-31 01:47:38 ----AC---- C:\WINDOWS\system32\java.exe
2008-12-31 01:11:24 ----AC---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 07:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 07:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 07:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 07:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 17:32:14 ----DC---- C:\WINDOWS\pss
2008-11-14 14:12:35 ----AC---- C:\WINDOWS\system32\fuusd.dll
2008-11-14 14:12:35 ----AC---- C:\WINDOWS\system32\fnfilter.dll
2008-11-12 21:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 3 months======

2009-02-05 17:43:16 ----ADC---- C:\WINDOWS\Temp
2009-02-05 17:42:47 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-02-05 17:42:45 ----AC---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-02-05 17:41:39 ----SHDC---- C:\WINDOWS\system32
2009-02-05 17:41:39 ----DC---- C:\WINDOWS\system32\drivers
2009-02-05 17:41:39 ----DC---- C:\WINDOWS
2009-02-05 17:41:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-05 17:40:22 ----ADC---- C:\Program Files
2009-02-05 16:43:31 ----DC---- C:\WINDOWS\Prefetch
2009-02-05 14:28:38 ----DC---- C:\WINDOWS\system32\config
2009-02-02 21:04:53 ----DC---- C:\Program Files\Mozilla Firefox
2009-01-31 13:41:42 ----DC---- C:\WINDOWS\network diagnostic
2009-01-31 12:59:20 ----SHDC---- C:\RECYCLER
2009-01-31 12:34:19 ----DC---- C:\Documents and Settings\peter engquist\Application Data\AVGTOOLBAR
2009-01-30 16:31:22 ----SDC---- C:\WINDOWS\Downloaded Program Files
2009-01-30 15:54:53 ----AC---- C:\WINDOWS\system32\papulihe.dll
2009-01-29 17:15:48 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-29 17:00:43 ----DC---- C:\WINDOWS\Debug
2009-01-29 15:03:11 ----RDC---- C:\WINDOWS\Offline Web Pages
2009-01-29 15:02:12 ----DC---- C:\Documents and Settings\peter engquist\Application Data\uTorrent
2009-01-29 15:02:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-29 15:02:10 ----DC---- C:\WINDOWS\Help
2009-01-29 15:02:10 ----DC---- C:\WINDOWS\AppPatch
2009-01-29 15:02:10 ----DC---- C:\Program Files\WinRAR
2009-01-29 15:02:10 ----DC---- C:\Program Files\Internet Explorer
2009-01-29 15:02:09 ----SHDC---- C:\WINDOWS\Installer
2009-01-29 15:02:09 ----HDC---- C:\WINDOWS\inf
2009-01-29 15:02:07 ----DC---- C:\WINDOWS\repair
2009-01-29 15:02:07 ----DC---- C:\WINDOWS\Minidump
2009-01-29 15:02:04 ----DC---- C:\WINDOWS\system32\dllcache
2009-01-29 15:02:03 ----DC---- C:\WINDOWS\system32\NtmsData
2009-01-29 15:02:03 ----DC---- C:\WINDOWS\system32\ktutils
2009-01-29 14:26:34 ----AC---- C:\WINDOWS\system32\sowemame.dll
2009-01-29 14:26:33 ----AC---- C:\WINDOWS\system32\yupabeda.dll
2009-01-29 14:26:33 ----AC---- C:\WINDOWS\system32\fozusayo.dll
2009-01-29 14:26:33 ----AC---- C:\WINDOWS\system32\farewoka.dll
2009-01-23 23:03:57 ----DC---- C:\Documents and Settings
2009-01-20 15:19:01 ----AC---- C:\WINDOWS\wininit.ini
2009-01-19 16:24:34 ----SDC---- C:\WINDOWS\Tasks
2009-01-13 22:56:40 ----HDC---- C:\WINDOWS\$hf_mig$
2009-01-09 16:03:13 ----DC---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-09 16:02:37 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-31 17:50:33 ----DC---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-31 01:47:20 ----DC---- C:\Program Files\Java
2008-12-31 01:36:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-31 01:32:50 ----ADC---- C:\Program Files\Common Files
2008-12-12 22:40:02 ----AC---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 07:53:43 ----DC---- C:\WINDOWS\ie7updates
2008-12-09 12:49:01 ----HDC---- C:\$AVG8.VAULT$
2008-12-09 12:38:23 ----DC---- C:\WINDOWS\system32\CatRoot
2008-12-08 19:10:47 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-12-08 17:33:51 ----RASHC---- C:\boot.ini
2008-12-08 17:33:51 ----AC---- C:\WINDOWS\win.ini
2008-12-08 17:33:51 ----AC---- C:\WINDOWS\system.ini
2008-12-08 13:55:33 ----SHD---- C:\System Volume Information
2008-11-30 16:33:33 ----DC---- C:\WINDOWS\.jagex_cache_32
2008-11-12 21:24:20 ----DC---- C:\WINDOWS\WinSxS
2008-11-10 15:58:33 ----DC---- C:\Documents and Settings\peter engquist\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-19 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-09 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-09 107272]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 LUMDriver;LUMDriver; \??\C:\WINDOWS\system32\drivers\LUMDriver.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 HPFECP20;HPFECP20; C:\WINDOWS\System32\drivers\HPFECP20.SYS [1999-03-23 52800]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-03-24 8413]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-02-14 1169792]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-03-11 121344]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-11-25 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-03-03 1248794]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2003-05-05 32192]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2002-08-29 6528]
R3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\System32\DRIVERS\smrt.sys [2003-05-19 745984]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-04-02 543360]
R3 SONYWBMS;Sony Memory Stick controller(WB); C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS [2002-12-18 36184]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 ALABULK;Fujifilm USB MemoryCard ReaderWriter device driver; C:\WINDOWS\System32\Drivers\ALABULK2.sys [2002-07-09 33600]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-12-04 730956]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-02-28 576512]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-11-05 29208]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\System32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-10-28 10345]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\System32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-13 90395]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-19 298264]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-01-19 1339600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-01-14 712048]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-01-14 712048]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-31 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-03-03 65536]
R2 VAIOMediaPlatform-PhotoServer-AppServer;VAIO Media Photo Server; C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe [2003-03-25 262144]
R2 VAIOMediaPlatform-PhotoServer-HTTP;VAIO Media Photo Server (HTTP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe [2003-02-10 57344]
R2 VAIOMediaPlatform-PhotoServer-UPnP;VAIO Media Photo Server (UPnP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe [2003-03-19 675840]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2008-09-12 5119392]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 VAIOMediaPlatform-MusicServer-AppServer;VAIO Media Music Server; C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName=VAIO Media Music Server []
S2 VAIOMediaPlatform-MusicServer-HTTP;VAIO Media Music Server (HTTP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe [2003-02-10 57344]
S2 VAIOMediaPlatform-MusicServer-UPnP;VAIO Media Music Server (UPnP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe [2003-03-19 675840]
S2 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\Sony\Giga Pocket\GPVSvr.exe [2003-05-12 942080]
S2 VAIOMediaPlatform-VideoServer-HTTP;VAIO Media Video Server (HTTP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe [2003-02-10 57344]
S2 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe [2003-03-19 675840]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-05 17:46:35

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems AC'97 Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 7.21-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS DVDMenu Editor 1.0.0.5-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
Backyard Baseball 2003-->C:\WINDOWS\IsUninst.exe -f"C:\HEGames\Baseball 2003\Uninst.isu" -c"C:\HEGames\Baseball 2003\Uninst.dll
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Contextual Tool Adssite-->C:\WINDOWS\system32\b2407dd5-7e09-45c4-ae6a-e6d973de72b3.exe
DVD Creation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}\setup.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR300 Reference Guide-->C:\Program Files\epson\guide\spr300_e\uninstall.exe
FinePixViewer Ver.4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
Fujifilm USB MemoryCard ReaderWriter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F87F471C-66C0-4F70-B493-6E59E4D402E6} /l1033
Giga Pocket Hardware Library 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4B06CBB-8CEF-41A9-8245-ECE384523A85}\Setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Office Page for Experience VAIO-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{374E48BA-CBC1-4134-86B9-7A97B0E76B2E}\setup.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperLoad-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nabisco\HyperLoad\Uninst.isu"
Imagistik Image Viewer-->MsiExec.exe /I{1FE3E7D7-7D32-4883-991C-5FEB9BF3DCB2}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
iolo technologies' System Mechanic-->"C:\Program Files\iolo\System Mechanic\unins000.exe"
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kazaa Media Desktop 2.5.1-->RunDll32 C:\WINDOWS\System32\cd_clint.dll,ServiceRunDll u_329 "{4C560D9B-BEA0-4098-ADE2-28576DF8CA8B}"
ktutils21-->MsiExec.exe /X{98D40EC7-E940-11D4-9958-AD2301A2B778}
LimeWire 4.18.8-->"D:\download\Music download\Morpheus\Limewire\Everything Else\LimeWire\uninstall.exe"
Lyra System File Update Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58EBC737-9828-4204-8512-E0E71BD7E792}\setup.exe" -l0x9
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Documents and Settings\peter engquist\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
MGC v.2.0.2-->MsiExec.exe /X{D64C2A1C-907E-4F96-A5A1-91A61EA7CB90}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Upgrade Offer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDEAF307-51B7-41FF-8B08-AE646117172E}\setup.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
Netscape (7.02)-->C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
Nikon View 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rave-MP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{972C1B83-34ED-4A9A-AE27-10B39B096201}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SonicStage 1.5.50-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VAIO DeepSea Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\setup.exe"
VAIO Edit Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
VAIO Help and Support-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E30D77F-CE1B-4674-8AFB-0DE22E5AC3A8}\setup.exe" -l0x9
VAIO Media Platform 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Media Redistribution 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Media Setup 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}\setup.exe" -l0x9
VAIO Media Video Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63C6BABD-0BF7-488B-9AB5-B989E23CC581}\Setup.exe"
VAIO Pictures Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E964BF-88B5-49A5-97A4-E30E942D5990}\setup.exe"
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Remote Commander Utility 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4570E5E0-62A2-48BD-87F3-EB7232EC4558}\Setup.exe"
VAIO Support-->"c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
VAIO TV Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC763DAB-9DC6-4992-B952-ACF563D6F7E1}\setup.exe"
VERITAS RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
VERITAS RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Videora iPod Converter 3.07-->D:\download\Video Converter 3\uninstaller.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Essentials Media Codec Pack 1.0-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

=====HijackThis Backups=====

O4 - Startup: IMVU.lnk = C:\Documents and Settings\peter engquist\My Documents\download\Music download\Morpheus\IMVU\IMVUClient.exe
O4 - Startup: Morpheus.lnk = C:\Documents and Settings\peter engquist\My Documents\download\Music download\Morpheus\Morpheus.exe
O2 - BHO: (no name) - {665F7F3E-DA85-495A-BE2F-A4C1E11F5260} - C:\WINDOWS\system32\awvvu.dll (file missing)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\progycawuy.html
O2 - BHO: (no name) - {c093f42f-c35a-4c0a-b8f5-3718164f0fd0} - C:\WINDOWS\system32\rmvoylg.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\efcyyaw.dll (file missing)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll (file missing)
O20 - Winlogon Notify: efcyyaw - efcyyaw.dll (file missing)
O4 - Startup: Rabio - Auto Update.lnk = C:\Program Files\Rabio\se.exe
O4 - HKLM\..\Run: [Qeret2.1] C:\WINDOWS\System32\ktutils\qeret2.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Startup: DW_Start.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Internet Security
FW: AVG Firewall

System event log

Computer Name: FORTHEBEST
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 7993
Source Name: Service Control Manager
Time Written: 20081231013431.000000-480
Event Type: error
User:

Computer Name: FORTHEBEST
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 7992
Source Name: Service Control Manager
Time Written: 20081231013431.000000-480
Event Type: information
User:

Computer Name: FORTHEBEST
Event Code: 7035
Message: The Application Management service was successfully sent a start control.

Record Number: 7991
Source Name: Service Control Manager
Time Written: 20081231013431.000000-480
Event Type: information
User: FORTHEBEST\peter engquist

Computer Name: FORTHEBEST
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 7990
Source Name: Service Control Manager
Time Written: 20081231013431.000000-480
Event Type: error
User:

Computer Name: FORTHEBEST
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 7989
Source Name: Service Control Manager
Time Written: 20081231013431.000000-480
Event Type: information
User:

Application event log

Computer Name: FORTHEBEST
Event Code: 1
Message:
Record Number: 5
Source Name: avg8emc
Time Written: 20080713131622.000000-420
Event Type: information
User:

Computer Name: FORTHEBEST
Event Code: 100
Message: Service has started normally on port 51712

Record Number: 4
Source Name: Photo Server
Time Written: 20080713131601.000000-420
Event Type: information
User:

Computer Name: FORTHEBEST
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20080713131601.000000-420
Event Type: information
User:

Computer Name: FORTHEBEST
Event Code: 1000
Message: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 2
Source Name: Application Error
Time Written: 20080713131556.000000-420
Event Type: error
User:

Computer Name: FORTHEBEST
Event Code: 1
Message:
Record Number: 1
Source Name: Bonjour Service
Time Written: 20080713131551.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 05 February 2009 - 10:49 PM

The GMER file is attached. That is everything you have asked for.

By the way, I GREATLY appreciate all this help! :thumbup2:

Attached Files

  • Attached File  Log.log   8KB   21 downloads

Edited by Beastolizer, 05 February 2009 - 10:50 PM.


#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 06 February 2009 - 03:37 AM

Please show hidden files and folders


Please visit this site and upload below file.. At the comment section, just say "fenzodahl512 asked to upload the file"

C:\WINDOWS\system32\drivers\lmsrzzen.sys




Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 07 February 2009 - 02:55 AM

Ok, the file was uploaded, and Combo-Fix was run, here is the log:

ComboFix 09-02-06.02 - peter engquist 2009-02-06 23:41:23.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.576 [GMT -8:00]
Running from: c:\documents and settings\peter engquist\Desktop\Computer Cleaner\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Readme.txt
c:\windows\system32\998.exe
c:\windows\system32\aqonlkpn.dll
c:\windows\system32\bakivige.dll
c:\windows\system32\bekoduya.dll
c:\windows\system32\bpbihr.dll
c:\windows\system32\chert5-998.exe
c:\windows\system32\cidcrstb.dll
c:\windows\system32\domemaha.dll
c:\windows\system32\drivers\senekabiwgrqrs.sys
c:\windows\system32\etaolatw.ini
c:\windows\system32\farewoka.dll
c:\windows\system32\fcevhenk.dll
c:\windows\system32\fozusayo.dll
c:\windows\system32\fuhaleke.dll
c:\windows\system32\hegepihu.dll
c:\windows\system32\henvgd.dll
c:\windows\system32\hetuyevo.dll
c:\windows\system32\hevesopa.dll
c:\windows\system32\hgGvsqoP.dll
c:\windows\system32\hjxigp.dll
c:\windows\system32\ierhiuhi.ini
c:\windows\system32\IOUtCcdd.ini
c:\windows\system32\IOUtCcdd.ini2
c:\windows\system32\iybfne.dll
c:\windows\system32\jelipeya.dll
c:\windows\system32\jogihuju.dll
c:\windows\system32\jutunaja.dll
c:\windows\system32\kagohaku.dll
c:\windows\system32\kulofuvo.dll
c:\windows\system32\kuwalobe.dll
c:\windows\system32\marggv.dll
c:\windows\system32\mebarepo.dll
c:\windows\system32\mfc45.dll
c:\windows\system32\mikolobe.dll
c:\windows\system32\mnrbbpiq.dll
c:\windows\system32\nebumefo.dll
c:\windows\system32\nhtboy.dll
c:\windows\system32\nidizowe.dll
c:\windows\system32\nisejeti.dll
c:\windows\system32\papulihe.dll
c:\windows\system32\petonuho.dll
c:\windows\system32\pmnKExVo.dll
c:\windows\system32\ppdjfuvw.ini
c:\windows\system32\rezalefe.dll
c:\windows\system32\romabotu.dll
c:\windows\system32\sefoseyo.dll
c:\windows\system32\senekagosbfrkh.dat
c:\windows\system32\sikirh.dll
c:\windows\system32\sowemame.dll
c:\windows\system32\tsoggf.dll
c:\windows\system32\uujanmei.dll
c:\windows\system32\vivodiha.dll
c:\windows\system32\vpomyy.dll
c:\windows\system32\vvszxv.dll
c:\windows\system32\wikufalu.dll
c:\windows\system32\xnsnqmde.ini
c:\windows\system32\yewtcj.dll
c:\windows\system32\yqgbst.dll
c:\windows\system32\ytubqj.dll
c:\windows\system32\yuniyuzi.dll
c:\windows\system32\yupabeda.dll
c:\windows\system32\zizatewa.dll
c:\windows\system32\zoretayo.dll
c:\windows\Tasks\bxlagzor.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-05 17:47 . 2009-02-05 18:26 250 --a--c--- c:\windows\gmer.ini
2009-02-05 17:46 . 2009-02-05 17:46 <DIR> d----c--- C:\rsit
2009-02-05 14:47 . 2009-01-14 16:11 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 13:50 . 2009-02-02 20:55 85,668 --a--c--- c:\windows\system32\b2407dd5-7e09-45c4-ae6a-e6d973de72b3.exe
2009-01-29 14:45 . 2009-01-31 13:00 <DIR> d----c--- c:\documents and settings\LocalService\Application Data\iolo
2009-01-29 14:45 . 2009-01-29 14:45 406 --a--c--- c:\windows\system32\ioloBootDefrag.cfg
2009-01-29 14:44 . 2009-01-29 14:44 <DIR> d----c--- c:\program files\iolo
2009-01-29 14:44 . 2009-01-16 17:34 936,288 --a--c--- c:\windows\system32\Incinerator.dll
2009-01-29 14:44 . 2008-09-24 09:32 28,672 --a--c--- c:\windows\system32\iolobtdfg.exe
2009-01-29 14:44 . 2008-11-18 11:51 8,192 --a--c--- c:\windows\system32\smrgdf.exe
2009-01-29 14:29 . 2009-01-29 15:04 <DIR> d----c--- c:\documents and settings\peter engquist\Application Data\iolo
2009-01-29 14:29 . 2009-01-29 14:45 <DIR> d----c--- c:\documents and settings\All Users\Application Data\iolo
2009-01-23 23:03 . 2003-06-19 21:21 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\VERITAS
2009-01-23 23:03 . 2003-04-11 02:14 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\MSN6
2009-01-23 23:03 . 2003-04-11 01:52 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\InterTrust
2009-01-23 23:03 . 2009-01-23 23:03 <DIR> d----c--- c:\documents and settings\Administrator
2009-01-21 14:00 . 2009-01-26 16:32 <DIR> d----c--- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-01-20 14:44 . 2009-02-06 23:44 4 --a--c--- c:\windows\xkzljxid
2009-01-19 16:29 . 2009-01-19 21:29 2,412 --a--c--- c:\windows\ulhbvoso

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 20:34 --------- dc----w c:\documents and settings\peter engquist\Application Data\AVGTOOLBAR
2009-01-30 01:15 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 23:02 --------- dc----w c:\documents and settings\wendy engquist\Application Data\LimeWire
2009-01-29 23:02 --------- dc----w c:\documents and settings\peter engquist\Application Data\uTorrent
2009-01-29 23:02 --------- dc----w c:\documents and settings\peter engquist\Application Data\LimeWire
2009-01-20 04:55 325,128 -c--a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 00:11 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 22:59 31 -c--a-w c:\documents and settings\peter engquist\jagex_runescape_preferences.dat
2009-01-10 00:03 --------- dc----w c:\documents and settings\All Users\Application Data\avg8
2009-01-10 00:02 12,552 -c--a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-10 00:02 107,272 -c--a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-01 01:50 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-31 09:47 --------- dc----w c:\program files\Java
2008-12-11 10:57 333,952 -c--a-w c:\windows\system32\drivers\srv.sys
2008-12-09 03:10 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-01-29 12:49 678,400 -c--a-w c:\program files\mozilla firefox\components\a062c1f8-36c1-e825-e6ad-4960feb79a9b.dll
2009-01-02 22:24 67,688 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-02 22:24 54,368 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-02 22:24 34,944 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2008-09-04 11:19 343,552 -c--a-w c:\program files\mozilla firefox\components\nsbads.dll
2009-01-02 22:24 46,712 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-02 22:24 172,136 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Update"="c:\documents and settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"IntelliPoint"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2002-08-29 172032]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"nwiz"="nwiz.exe" [2003-03-03 c:\windows\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 c:\windows\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-09 16:02 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ghjefe.dll ,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\System32\ir32_32.dll
"vidc.iv32"= c:\windows\System32\ir32_32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxtrans

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Downloads\\Office12\\ONENOTE.EXE"=
"c:\\!KillBox\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\download\\Music download\\Morpheus\\Limewire\\Everything Else\\LimeWire\\LimeWire.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-06-03 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-03 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-03 107272]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2005-04-23 14912]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-09 1339600]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-29 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-29 712048]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-06-03 29208]
S0 xkzljxid;xkzljxid;c:\windows\system32\drivers\lmsrzzen.sys []
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-06-03 29208]
.
Contents of the 'Scheduled Tasks' folder

2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2672644582-2644259186-942823671-1006.job
- c:\documents and settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 12:57]

2003-07-16 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]

2003-07-16 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0149c3a2-7da3-4b41-80ea-749df46ca8bd} - (no file)
BHO-{4b587a3d-3dce-4942-a20d-ac4cd49f32e1} - (no file)
BHO-{4FA1CC63-ECBC-4666-9ADC-80FBDD9355B9} - (no file)
BHO-{68a21b3a-25c0-49d7-ab61-0be94a043319} - (no file)
BHO-{6a752f32-0ea6-4b55-bc85-64f9d58b1f15} - (no file)
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
BHO-{7355F214-890F-45C1-ACBA-A170E6FF014D} - (no file)
BHO-{74934910-54F8-40E7-B264-F8535AEC53C4} - (no file)
BHO-{B7A8538C-40D6-4401-9F5B-6F1C221D0B23} - (no file)
BHO-{C5FED44F-B652-4B13-BBD0-7BB800798D13} - (no file)
BHO-{f06e3498-7266-292f-3508-96c845e3a78f} - (no file)
WebBrowser-{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-IntelliType - c:\program files\Microsoft Hardware\Keyboard\type32.exe
HKLM-Run-Dkisoju - c:\windows\ojebehavaqegayux.dll
HKLM-Run-Oluli - c:\windows\Mvuyogomus.dll
HKLM-Run-vihisagadi - c:\windows\system32\retupodi.dll
HKLM-Run-f03468ad - c:\windows\system32\teteripe.dll
HKLM-Run-CPMf3075b31 - c:\windows\system32\zepepewa.dll
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Notify-awtQjHYp - awtQjHYp.dll
MSConfigStartUp-BMf3075b31 - c:\windows\system32\nvyyewdq.dll
MSConfigStartUp-f03468ad - c:\windows\system32\ihuihrei.dll
MSConfigStartUp-REGSHAVE - c:\program files\REGSHAVE\REGSHAVE.EXE


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\downlo~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\peter engquist\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\peter engquist\Application Data\Mozilla\Firefox\Profiles\default.45a\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 23:45:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\lmsrzzen.sys 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"er\\xp_inf\\cx_08174.inf\00"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-02-06 23:52:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-07 07:51:58
ComboFix2.txt 2008-06-03 04:13:39

Pre-Run: 84,736,720,896 bytes free
Post-Run: 84,749,885,440 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
318 --- E O F --- 2009-01-14 06:57:27

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 07 February 2009 - 04:08 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
xkzljxid

Rootkit::
c:\windows\xkzljxid
c:\windows\ulhbvoso
c:\windows\system32\drivers\lmsrzzen.sys

File::
c:\windows\xkzljxid
c:\windows\ulhbvoso
c:\windows\system32\drivers\lmsrzzen.sys

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 07 February 2009 - 11:04 PM

ComboFix 09-02-06.04 - peter engquist 2009-02-07 19:52:21.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.571 [GMT -8:00]
Running from: c:\documents and settings\peter engquist\Desktop\Computer Cleaner\Combo-Fix.exe
Command switches used :: c:\documents and settings\peter engquist\Desktop\Computer Cleaner\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\lmsrzzen.sys
c:\windows\ulhbvoso
c:\windows\xkzljxid
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\lmsrzzen.sys
c:\windows\ulhbvoso
c:\windows\xkzljxid

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XKZLJXID
-------\Service_xkzljxid


((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-05 17:47 . 2009-02-05 18:26 250 --a--c--- c:\windows\gmer.ini
2009-02-05 17:46 . 2009-02-05 17:46 <DIR> d----c--- C:\rsit
2009-02-05 14:47 . 2009-01-14 16:11 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 13:50 . 2009-02-02 20:55 85,668 --a--c--- c:\windows\system32\b2407dd5-7e09-45c4-ae6a-e6d973de72b3.exe
2009-01-29 14:45 . 2009-01-31 13:00 <DIR> d----c--- c:\documents and settings\LocalService\Application Data\iolo
2009-01-29 14:45 . 2009-01-29 14:45 406 --a--c--- c:\windows\system32\ioloBootDefrag.cfg
2009-01-29 14:44 . 2009-01-29 14:44 <DIR> d----c--- c:\program files\iolo
2009-01-29 14:44 . 2009-01-16 17:34 936,288 --a--c--- c:\windows\system32\Incinerator.dll
2009-01-29 14:44 . 2008-09-24 09:32 28,672 --a--c--- c:\windows\system32\iolobtdfg.exe
2009-01-29 14:44 . 2008-11-18 11:51 8,192 --a--c--- c:\windows\system32\smrgdf.exe
2009-01-29 14:29 . 2009-01-29 15:04 <DIR> d----c--- c:\documents and settings\peter engquist\Application Data\iolo
2009-01-29 14:29 . 2009-01-29 14:45 <DIR> d----c--- c:\documents and settings\All Users\Application Data\iolo
2009-01-23 23:03 . 2003-06-19 21:21 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\VERITAS
2009-01-23 23:03 . 2003-04-11 02:14 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\MSN6
2009-01-23 23:03 . 2003-04-11 01:52 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\InterTrust
2009-01-23 23:03 . 2009-01-23 23:03 <DIR> d----c--- c:\documents and settings\Administrator
2009-01-21 14:00 . 2009-01-26 16:32 <DIR> d----c--- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 20:34 --------- dc----w c:\documents and settings\peter engquist\Application Data\AVGTOOLBAR
2009-01-30 01:15 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 23:02 --------- dc----w c:\documents and settings\wendy engquist\Application Data\LimeWire
2009-01-29 23:02 --------- dc----w c:\documents and settings\peter engquist\Application Data\uTorrent
2009-01-29 23:02 --------- dc----w c:\documents and settings\peter engquist\Application Data\LimeWire
2009-01-20 04:55 325,128 -c--a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 00:11 15,504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 22:59 31 -c--a-w c:\documents and settings\peter engquist\jagex_runescape_preferences.dat
2009-01-10 00:03 --------- dc----w c:\documents and settings\All Users\Application Data\avg8
2009-01-10 00:02 12,552 -c--a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-10 00:02 107,272 -c--a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-01 01:50 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-31 09:47 --------- dc----w c:\program files\Java
2008-12-11 10:57 333,952 -c--a-w c:\windows\system32\drivers\srv.sys
2008-12-09 03:10 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-01-29 12:49 678,400 -c--a-w c:\program files\mozilla firefox\components\a062c1f8-36c1-e825-e6ad-4960feb79a9b.dll
2009-01-02 22:24 67,688 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-02 22:24 54,368 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-02 22:24 34,944 -c--a-w c:\program files\mozilla firefox\components\myspell.dll
2008-09-04 11:19 343,552 -c--a-w c:\program files\mozilla firefox\components\nsbads.dll
2009-01-02 22:24 46,712 -c--a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-02 22:24 172,136 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-06_23.50.32.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-08 03:56:09 16,384 -c--atw c:\windows\temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Update"="c:\documents and settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"IntelliPoint"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2002-08-29 172032]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"nwiz"="nwiz.exe" [2003-03-03 c:\windows\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 c:\windows\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-09 16:02 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtQjHYp]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\System32\ir32_32.dll
"vidc.iv32"= c:\windows\System32\ir32_32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Downloads\\Office12\\ONENOTE.EXE"=
"c:\\!KillBox\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\download\\Music download\\Morpheus\\Limewire\\Everything Else\\LimeWire\\LimeWire.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-06-03 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-03 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-03 107272]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2005-04-23 14912]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-09 1339600]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-29 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-29 712048]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-06-03 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-06-03 29208]
.
Contents of the 'Scheduled Tasks' folder

2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2672644582-2644259186-942823671-1006.job
- c:\documents and settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 12:57]

2003-07-16 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]

2003-07-16 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 16:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0149c3a2-7da3-4b41-80ea-749df46ca8bd} - (no file)
BHO-{4b587a3d-3dce-4942-a20d-ac4cd49f32e1} - (no file)
BHO-{4FA1CC63-ECBC-4666-9ADC-80FBDD9355B9} - (no file)
BHO-{68a21b3a-25c0-49d7-ab61-0be94a043319} - (no file)
BHO-{6a752f32-0ea6-4b55-bc85-64f9d58b1f15} - (no file)
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
BHO-{7355F214-890F-45C1-ACBA-A170E6FF014D} - (no file)
BHO-{74934910-54F8-40E7-B264-F8535AEC53C4} - (no file)
BHO-{B7A8538C-40D6-4401-9F5B-6F1C221D0B23} - (no file)
BHO-{C5FED44F-B652-4B13-BBD0-7BB800798D13} - (no file)
BHO-{f06e3498-7266-292f-3508-96c845e3a78f} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\downlo~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\peter engquist\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\peter engquist\Application Data\Mozilla\Firefox\Profiles\default.45a\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 19:56:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"er\\xp_inf\\cx_08174.inf\00"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
c:\program files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-02-07 20:02:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-08 04:01:59
ComboFix2.txt 2009-02-07 07:52:02
ComboFix3.txt 2008-06-03 04:13:39

Pre-Run: 84,638,760,960 bytes free
Post-Run: 84,642,467,840 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
236 --- E O F --- 2009-01-14 06:57:27

Edited by Beastolizer, 07 February 2009 - 11:08 PM.


#13 Beastolizer

Beastolizer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:24 AM

Posted 07 February 2009 - 11:09 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:41 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\peter engquist\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\DOWNLO~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\DOWNLO~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\peter engquist\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awtQjHYp - C:\WINDOWS\
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 10568 bytes

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 08 February 2009 - 09:27 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    c:\windows\system32\b2407dd5-7e09-45c4-ae6a-e6d973de72b3.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtQjHYp]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply...

1. OTMoveIt3
2. ESET Online Scanner
3. Tell me, how's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 18 February 2009 - 05:58 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users