

Antivirus-type Pop-ups + IE Multi-tab Popper


18 replies to this topic

#1 DangerMom


  • Members
  • 21 posts
  • Gender:Female
  • Location:Duncanville, Texas
  • Local time:02:27 AM

Posted 31 January 2009 - 07:06 AM

I have been having one of the Antivirus checker pop-ups, but I can't tell you the name of it. I had checked it against the list on BC malware removal page but it wasn't there. I wrote it down, but it changed a few days ago. I think I had done something that blocked it to a degree. It seemed better for a few days, but it re-asserted itself - with a vengeance.

I am also having something that was opening new tabs - 50,000,000,000+ of them, ad infinitum. Best thing ever happened to a tax return... I think this didn't start up until after I tried to do something about the other problem, but that may just be coincidence.

:thumbup2:

I am not a tech genius, nor am I a newbie, just a fringe rider. I am very good at following directions, as long as I have the right directions to follow.

Please help me; I will be forever in the debt of my knight[ess]...

------------------------------------------------------

Attachments:

copy of dds.txt


DDS (Ver_09-01-19.01) - NTFSx86
Run by Jeri Bolin at 4:55:32.82 on Sat 01/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.92 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jeri Bolin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\program files\real\new realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {abbb680d-5315-42d3-ad2b-66d771fb94ef} - c:\windows\system32\rotuseni.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [EPSON WorkForce 500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieqa.exe /fu "c:\windows\temp\E_SB4.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [RTReminder]
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [PWRISOVM.EXE] e:\program files\poweriso\PWRISOVM.EXE
mRun: [bovuvamutu] Rundll32.exe "c:\windows\system32\gowodohe.dll",s
mRun: [b4277789] rundll32.exe "c:\windows\system32\guserohu.dll",b
mRun: [CPMb7144415] Rundll32.exe "c:\windows\system32\zefirena.dll",a
mRunOnce: [Spybot - Search & Destroy] "e:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunServices: [Microsoft Updates] svehost.exe
dRun: [bovuvamutu] Rundll32.exe "c:\windows\system32\gowodohe.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - d:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~2.lnk - d:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jeri bolin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - e:\my documents\buddy\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: real.com\account
Trusted Zone: realarcade.com\www
Trusted Zone: torrentzilla.org
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://ghimireinc.serveftp.com/ActiveViewGUI.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210135733452
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://ghimireinc.serveftp.com/ActiveView.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
AppInit_DLLs: zkxpoo.dll c:\windows\system32\levunana.dll ypusfr.dll mgtpqa.dll ydloes.dll oxgzrf.dll pgfqdf.dll c:\windows\system32\zefirena.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zefirena.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\zefirena.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = \ d s y s t e m 3 2 \ w o r u j u s u . d l l c:\windows\system32\levunana.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-31 64160]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-5-7 42512]

=============== Created Last 30 ================

2009-01-31 03:28 28,233 a------- c:\windows\system32\AAWService_2009_01_31_03_28_22.dmp
2009-01-31 03:26 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-31 03:04 23,003 a------- c:\windows\system32\AAWService_2009_01_31_03_04_54.dmp
2009-01-31 03:03 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-31 02:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-30 19:25 120 ---sh--- c:\windows\system32\irezerah.ini
2009-01-30 19:25 135,407 a--sh--- c:\windows\system32\pgfqdf.dll
2009-01-30 07:24 120 ---sh--- c:\windows\system32\ujazezes.ini
2009-01-30 07:24 135,261 a--sh--- c:\windows\system32\oxgzrf.dll
2009-01-29 19:24 120 ---sh--- c:\windows\system32\ijetejak.ini
2009-01-29 19:24 135,432 a--sh--- c:\windows\system32\ydloes.dll
2009-01-29 07:24 120 ---sh--- c:\windows\system32\ikawahoh.ini
2009-01-28 21:44 <DIR> --d----- c:\program files\Lavasoft
2009-01-28 19:23 120 ---sh--- c:\windows\system32\abupitod.ini
2009-01-28 07:23 120 ---sh--- c:\windows\system32\awapesas.ini
2009-01-28 07:23 135,257 a--sh--- c:\windows\system32\zkxpoo.dll
2009-01-27 19:39 135,439 a------- c:\windows\system32\ewqiap.dll
2009-01-27 19:39 120 ---sh--- c:\windows\system32\izelefav.ini
2009-01-27 07:33 135,457 a------- c:\windows\system32\tdckdl.dll
2009-01-27 07:33 120 ---sh--- c:\windows\system32\igehumal.ini
2009-01-27 07:30 2,713 ---sh--- c:\windows\system32\rorerilu.dll
2009-01-26 19:31 120 ---sh--- c:\windows\system32\eliposal.ini
2009-01-26 19:30 2,713 ---sh--- c:\windows\system32\dituguwu.dll
2009-01-26 17:53 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-26 17:53 1,409 a------- c:\windows\QTFont.for
2009-01-26 17:09 <DIR> --d----- c:\program files\directx
2009-01-26 07:28 120 ---sh--- c:\windows\system32\emuromad.ini
2009-01-26 07:27 141,048 a------- c:\windows\system32\rrijeh.dll
2009-01-26 06:22 141,948 a--sh--- c:\windows\system32\ogecmw.dll
2009-01-25 18:22 120 ---sh--- c:\windows\system32\odiriwij.ini
2009-01-25 18:22 133,314 a--sh--- c:\windows\system32\jwakbz.dll
2009-01-25 06:21 120 ---sh--- c:\windows\system32\ejakisan.ini
2009-01-25 06:21 133,355 a--sh--- c:\windows\system32\bhhxio.dll
2009-01-25 03:14 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-01-25 03:14 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-01-24 22:47 442,368 a----r-- c:\windows\system32\vp6vfw.dll
2009-01-24 18:21 133,409 a--sh--- c:\windows\system32\jlegat.dll
2009-01-24 18:21 120 ---sh--- c:\windows\system32\arayilin.ini
2009-01-24 10:43 1,466 a------- c:\windows\X3D.INI
2009-01-24 10:39 746 a------- c:\windows\XaraX.INI
2009-01-24 10:37 <DIR> --d----- c:\docume~1\jeribo~1\applic~1\Xara
2009-01-24 10:37 180,224 a------- c:\windows\system32\xwsindex.exe
2009-01-24 10:37 876,544 a------- c:\windows\system32\xaradocg.dll
2009-01-24 10:37 131,072 a------- c:\windows\system32\BMPImporter.dll
2009-01-24 10:37 118,784 a------- c:\windows\system32\xmupload.dll
2009-01-24 10:37 86,016 a------- c:\windows\system32\bincoder.dll
2009-01-24 10:37 23,552 a------- c:\windows\system32\xfontman.dll
2009-01-24 10:37 253,952 a------- c:\windows\system32\templop.dll
2009-01-24 10:37 126,976 a------- c:\windows\system32\templman.dll
2009-01-24 09:54 405,563 a------- c:\windows\system32\wbocx.ocx
2009-01-24 09:54 28,672 a------- c:\windows\system32\wbhelper.exe
2009-01-24 09:54 50,688 a------- c:\windows\system32\wbhelp2.dll
2009-01-24 09:54 1 a------- c:\windows\system32\mspwtbatchlinkdownloader.max
2009-01-24 09:50 <DIR> --d----- c:\docume~1\jeribo~1\applic~1\FileOpen
2009-01-24 09:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FileOpen
2009-01-24 09:50 <DIR> --d----- c:\program files\FileOpen
2009-01-24 08:59 <DIR> --d----- c:\docume~1\jeribo~1\applic~1\Free Download Manager
2009-01-24 07:50 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-01-24 06:21 133,310 a--sh--- c:\windows\system32\zahifo.dll
2009-01-24 06:21 120 ---sh--- c:\windows\system32\ahujivum.ini
2009-01-23 18:21 133,266 a--sh--- c:\windows\system32\ozhimh.dll
2009-01-23 18:21 120 ---sh--- c:\windows\system32\amimefil.ini
2009-01-23 06:21 120 ---sh--- c:\windows\system32\evogagoy.ini
2009-01-23 06:21 134,271 a--sh--- c:\windows\system32\dekijr.dll
2009-01-22 18:21 120 ---sh--- c:\windows\system32\agiretid.ini
2009-01-22 18:20 134,453 a--sh--- c:\windows\system32\mdlwhm.dll
2009-01-22 13:42 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-01-22 07:07 133,369 a------- c:\windows\system32\xfjcoe.dll
2009-01-22 06:20 120 ---sh--- c:\windows\system32\ahowayas.ini
2009-01-21 18:20 120 ---sh--- c:\windows\system32\ifusopuh.ini
2009-01-21 18:20 134,304 a--sh--- c:\windows\system32\tyjnnr.dll
2009-01-21 06:20 120 ---sh--- c:\windows\system32\umodijad.ini
2009-01-21 06:19 134,358 a--sh--- c:\windows\system32\dfilii.dll
2009-01-20 18:19 134,440 a--sh--- c:\windows\system32\vfqxxo.dll
2009-01-20 18:19 120 ---sh--- c:\windows\system32\amezowah.ini
2009-01-20 06:19 133,872 a--sh--- c:\windows\system32\pnissl.dll
2009-01-20 06:19 120 ---sh--- c:\windows\system32\etitekop.ini
2009-01-19 23:37 <DIR> --d----- c:\docume~1\jeribo~1\applic~1\Gogii Games
2009-01-19 23:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Gogii Games
2009-01-19 18:19 120 ---sh--- c:\windows\system32\ilagidap.ini
2009-01-19 18:18 133,232 a--sh--- c:\windows\system32\jxjwho.dll
2009-01-19 06:18 120 ---sh--- c:\windows\system32\edupapom.ini
2009-01-19 06:18 133,284 a--sh--- c:\windows\system32\ncxoux.dll
2009-01-18 18:18 120 ---sh--- c:\windows\system32\ibuzizuk.ini
2009-01-18 18:18 133,806 a--sh--- c:\windows\system32\kbqmbm.dll
2009-01-18 06:18 120 ---sh--- c:\windows\system32\akutihuy.ini
2009-01-18 06:18 133,240 a--sh--- c:\windows\system32\ljfrlt.dll
2009-01-17 18:18 120 ---sh--- c:\windows\system32\aheyebuh.ini
2009-01-17 18:17 133,813 a--sh--- c:\windows\system32\lqxywp.dll
2009-01-17 06:17 120 ---sh--- c:\windows\system32\ehodiveb.ini
2009-01-17 06:17 133,688 a--sh--- c:\windows\system32\qdkfpl.dll
2009-01-16 18:17 120 ---sh--- c:\windows\system32\akudawup.ini
2009-01-16 18:17 133,851 a--sh--- c:\windows\system32\eggwqg.dll
2009-01-16 06:17 120 ---sh--- c:\windows\system32\osaledok.ini
2009-01-16 06:17 131,868 a--sh--- c:\windows\system32\ifwmjs.dll
2009-01-15 18:16 120 ---sh--- c:\windows\system32\urimijoh.ini
2009-01-15 18:16 131,824 a--sh--- c:\windows\system32\fkvopo.dll
2009-01-15 06:16 131,841 a--sh--- c:\windows\system32\wepgqv.dll
2009-01-15 06:16 120 ---sh--- c:\windows\system32\ivopavam.ini
2009-01-14 18:16 120 ---sh--- c:\windows\system32\ayezehir.ini
2009-01-14 18:16 131,891 a--sh--- c:\windows\system32\ncnbbg.dll
2009-01-14 06:16 131,837 a--sh--- c:\windows\system32\kbaljg.dll
2009-01-14 06:16 120 ---sh--- c:\windows\system32\ajivepap.ini
2009-01-13 18:16 120 ---sh--- c:\windows\system32\apovirid.ini
2009-01-13 18:16 131,716 a--sh--- c:\windows\system32\hkoncd.dll
2009-01-13 06:16 120 ---sh--- c:\windows\system32\oseporim.ini
2009-01-13 06:15 131,687 a--sh--- c:\windows\system32\jjxqmc.dll
2009-01-12 18:15 131,773 a--sh--- c:\windows\system32\nzdcbz.dll
2009-01-12 18:15 120 ---sh--- c:\windows\system32\emakowak.ini
2009-01-12 06:15 120 ---sh--- c:\windows\system32\omikuzaj.ini
2009-01-11 18:15 120 ---sh--- c:\windows\system32\ihigamod.ini
2009-01-11 06:15 120 ---sh--- c:\windows\system32\uhoriveb.ini
2009-01-10 18:15 120 ---sh--- c:\windows\system32\uzotojib.ini
2009-01-10 06:14 120 ---sh--- c:\windows\system32\ejumusuv.ini
2009-01-09 18:14 120 ---sh--- c:\windows\system32\egewerif.ini
2009-01-09 06:14 120 ---sh--- c:\windows\system32\eyadoyaj.ini
2009-01-08 18:14 120 ---sh--- c:\windows\system32\emumenum.ini
2009-01-08 06:14 120 ---sh--- c:\windows\system32\olumasoz.ini
2009-01-07 18:14 120 ---sh--- c:\windows\system32\ozonadel.ini
2009-01-07 06:13 120 ---sh--- c:\windows\system32\imiwodos.ini
2009-01-06 18:13 120 ---sh--- c:\windows\system32\ebowigub.ini
2009-01-06 06:13 120 ---sh--- c:\windows\system32\urayatap.ini
2009-01-05 18:13 120 ---sh--- c:\windows\system32\umihohom.ini
2009-01-05 16:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2009-01-05 06:13 120 ---sh--- c:\windows\system32\unosawap.ini
2009-01-04 18:12 120 ---sh--- c:\windows\system32\urakamik.ini
2009-01-04 06:12 120 ---sh--- c:\windows\system32\asosohod.ini
2009-01-04 04:21 <DIR> --d----- c:\program files\Trymedia
2009-01-03 18:12 120 ---sh--- c:\windows\system32\unagumov.ini
2009-01-03 09:28 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-03 06:35 <DIR> --d----- c:\documents and settings\jeri bolin\.housecall6.6
2009-01-03 06:29 120 ---sh--- c:\windows\system32\ipigunuf.ini
2009-01-03 05:43 211 a------- c:\windows\wininit.ini
2009-01-02 18:12 1,262,075 ---sh--- c:\windows\system32\ejadisol.ini
2009-01-02 06:11 1,262,075 ---sh--- c:\windows\system32\uhoresug.ini
2009-01-01 18:11 1,262,112 ---sh--- c:\windows\system32\apopuwah.ini
2009-01-01 06:11 1,262,084 ---sh--- c:\windows\system32\otinogen.ini

==================== Find3M ====================

2009-01-30 19:25 135,407 a--sh--- c:\windows\system32\dapirima.dll
2009-01-30 19:25 86,167 a--sh--- c:\windows\system32\harezeri.dll
2009-01-30 07:24 100,633 a--sh--- c:\windows\system32\tewudeje.dll
2009-01-30 07:24 135,261 a--sh--- c:\windows\system32\likusiyi.dll
2009-01-29 19:24 86,268 -------- c:\windows\system32\kajeteji.dll
2009-01-29 19:24 135,432 a--sh--- c:\windows\system32\dijezoru.dll
2009-01-29 19:24 98,955 a--sh--- c:\windows\system32\hufopogi.dll
2009-01-29 07:24 100,474 a--sh--- c:\windows\system32\howewufu.dll
2009-01-29 07:24 133,336 a--sh--- c:\windows\system32\jatupuni.dll
2009-01-29 07:24 86,298 -------- c:\windows\system32\hohawaki.dll
2009-01-28 19:23 100,474 a--sh--- c:\windows\system32\fokubino.dll
2009-01-28 19:23 86,160 -------- c:\windows\system32\dotipuba.dll
2009-01-28 19:23 133,235 a--sh--- c:\windows\system32\bayumoso.dll
2009-01-28 07:23 135,257 a--sh--- c:\windows\system32\rosobogu.dll
2009-01-28 07:23 98,956 a--sh--- c:\windows\system32\diwupesa.dll
2009-01-28 07:23 86,583 -------- c:\windows\system32\sasepawa.dll
2009-01-27 19:39 135,439 a------- c:\windows\system32\hikikoli.dll
2009-01-27 19:39 86,668 a------- c:\windows\system32\vafelezi.dll
2009-01-27 19:39 100,582 a------- c:\windows\system32\tupuzeme.dll
2009-01-27 07:33 135,457 a------- c:\windows\system32\wupuwota.dll
2009-01-27 07:33 63,650 a------- c:\windows\system32\husovetu.dll
2009-01-27 07:33 86,244 -------- c:\windows\system32\lamuhegi.dll
2009-01-26 19:31 96,004 -------- c:\windows\system32\lasopile.dll
2009-01-26 07:27 141,048 a------- c:\windows\system32\buloyubo.dll
2009-01-26 07:27 109,305 a------- c:\windows\system32\kalepopo.dll
2009-01-26 07:27 93,311 -------- c:\windows\system32\damorume.dll
2009-01-26 06:22 141,948 a--sh--- c:\windows\system32\tepufepu.dll
2009-01-26 06:22 71,917 a--sh--- c:\windows\system32\goyinoro.dll
2009-01-25 18:22 87,310 a--sh--- c:\windows\system32\jiwirido.dll
2009-01-25 18:22 133,314 a--sh--- c:\windows\system32\kuhihihu.dll
2009-01-25 18:22 101,515 a--sh--- c:\windows\system32\vutofowi.dll
2009-01-25 06:21 99,527 a--sh--- c:\windows\system32\fapawozi.dll
2009-01-25 06:21 133,355 a--sh--- c:\windows\system32\gebuhobo.dll
2009-01-24 18:21 101,495 a--sh--- c:\windows\system32\masurumo.dll
2009-01-24 18:21 133,409 a--sh--- c:\windows\system32\bihiwuko.dll
2009-01-24 18:21 85,742 a--sh--- c:\windows\system32\niliyara.dll
2009-01-24 06:21 100,538 a--sh--- c:\windows\system32\mahozege.dll
2009-01-24 06:21 133,310 a--sh--- c:\windows\system32\viparele.dll
2009-01-23 18:21 101,579 a--sh--- c:\windows\system32\volamele.dll
2009-01-23 18:21 133,266 a--sh--- c:\windows\system32\musosami.dll
2009-01-23 18:21 85,660 -------- c:\windows\system32\lifemima.dll
2009-01-23 06:21 87,300 -------- c:\windows\system32\yogagove.dll
2009-01-23 06:21 134,271 a--sh--- c:\windows\system32\livahoka.dll
2009-01-23 06:21 99,413 a--sh--- c:\windows\system32\duhofele.dll
2009-01-22 18:20 85,683 -------- c:\windows\system32\diteriga.dll
2009-01-22 18:20 64,289 a--sh--- c:\windows\system32\pawafilo.dll
2009-01-22 18:20 134,453 a--sh--- c:\windows\system32\helokubo.dll
2009-01-22 18:20 100,642 a--sh--- c:\windows\system32\futakoze.dll
2009-01-22 07:07 133,369 a------- c:\windows\system32\lanadata.dll
2009-01-22 06:20 86,098 -------- c:\windows\system32\sayawoha.dll
2009-01-22 06:20 99,533 a--sh--- c:\windows\system32\puwaduvu.dll
2009-01-21 18:20 134,304 a--sh--- c:\windows\system32\kisojaze.dll
2009-01-21 18:20 86,121 a--sh--- c:\windows\system32\huposufi.dll
2009-01-21 06:20 86,322 -------- c:\windows\system32\dajidomu.dll
2009-01-21 06:19 134,358 a--sh--- c:\windows\system32\jetebemi.dll
2009-01-21 06:19 99,492 a--sh--- c:\windows\system32\vabekame.dll
2009-01-20 18:19 134,440 a--sh--- c:\windows\system32\mudaliso.dll
2009-01-20 18:19 101,022 a--sh--- c:\windows\system32\kifipire.dll
2009-01-20 18:19 86,325 a--sh--- c:\windows\system32\hawozema.dll
2009-01-20 06:19 133,872 a--sh--- c:\windows\system32\samodoge.dll
2009-01-20 06:19 100,590 a--sh--- c:\windows\system32\fabuyoju.dll
2009-01-20 06:19 87,348 -------- c:\windows\system32\poketite.dll
2009-01-19 18:18 133,232 a--sh--- c:\windows\system32\hesesiwo.dll
2009-01-19 18:18 64,114 a--sh--- c:\windows\system32\jehikonu.dll
2009-01-19 18:18 99,074 a--sh--- c:\windows\system32\finayoga.dll
2009-01-19 18:18 87,282 -------- c:\windows\system32\padigali.dll
2009-01-19 06:18 87,107 -------- c:\windows\system32\mopapude.dll
2009-01-19 06:18 133,284 a--sh--- c:\windows\system32\viwawede.dll
2009-01-19 06:18 99,041 a--sh--- c:\windows\system32\tusavila.dll
2009-01-18 18:18 133,806 a--sh--- c:\windows\system32\munorayo.dll
2009-01-18 18:18 98,472 a--sh--- c:\windows\system32\losidaje.dll
2009-01-18 18:18 86,133 -------- c:\windows\system32\kuzizubi.dll
2009-01-18 06:18 86,231 -------- c:\windows\system32\yuhituka.dll
2009-01-18 06:18 133,240 a--sh--- c:\windows\system32\nogorike.dll
2009-01-18 06:18 98,547 a--sh--- c:\windows\system32\pusekudu.dll
2009-01-17 18:17 97,361 a--sh--- c:\windows\system32\zoramuse.dll
2009-01-17 18:17 133,813 a--sh--- c:\windows\system32\fogakawa.dll
2009-01-17 18:17 85,187 a--sh--- c:\windows\system32\hubeyeha.dll
2009-01-17 06:17 99,539 a--sh--- c:\windows\system32\bilokoso.dll
2009-01-17 06:17 133,688 a--sh--- c:\windows\system32\vajefera.dll
2009-01-16 18:17 100,487 a--sh--- c:\windows\system32\mufohito.dll
2009-01-16 18:17 133,851 a--sh--- c:\windows\system32\kiyuvuyo.dll
2009-01-16 06:17 86,621 -------- c:\windows\system32\kodelaso.dll
2009-01-16 06:17 131,868 a--sh--- c:\windows\system32\vutukage.dll
2009-01-15 18:16 131,824 a--sh--- c:\windows\system32\tehinozo.dll
2009-01-15 18:16 86,135 -------- c:\windows\system32\hojimiru.dll
2009-01-15 06:16 131,841 a--sh--- c:\windows\system32\mobidemi.dll
2009-01-15 06:16 99,487 a--sh--- c:\windows\system32\varelofu.dll
2009-01-15 06:16 86,117 -------- c:\windows\system32\mavapovi.dll
2009-01-14 18:16 86,302 -------- c:\windows\system32\rihezeya.dll
2009-01-14 18:16 131,891 a--sh--- c:\windows\system32\dehodeye.dll
2009-01-14 18:16 100,608 a--sh--- c:\windows\system32\wuhifopu.dll
2009-01-14 06:16 131,837 a--sh--- c:\windows\system32\wujofile.dll
2009-01-14 06:16 99,952 a--sh--- c:\windows\system32\kenetoja.dll
2009-01-14 06:16 87,633 -------- c:\windows\system32\papevija.dll
2009-01-13 18:16 99,990 a--sh--- c:\windows\system32\sunofefa.dll
2009-01-13 18:16 131,716 a--sh--- c:\windows\system32\natasaza.dll
2009-01-13 18:16 87,801 -------- c:\windows\system32\dirivopa.dll
2009-01-13 06:15 99,455 a--sh--- c:\windows\system32\hesutuhe.dll
2009-01-13 06:15:47 A--SH--- 131,687 c:\windows\system32\dufisuzu.dll
0000-00-00 00:00 63,650 a--sh--- c:\windows\system32\gowodohe.dll
0000-00-00 00:00 63,650 a--sh--- c:\windows\system32\levunana.dll
0000-00-00 00:00 63,650 a--sh--- c:\windows\system32\rotuseni.dll

============= FINISH: 4:56:50.15 ===============



copy of attach.txt



#2 DangerMom

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Duncanville, Texas
  • Local time:02:27 AM

Posted 31 January 2009 - 07:22 AM

I should also say that I have a paid version of Ad-Aware that I just upgraded to their "Anniversary Edition", for whatever that might be worth to me - sorry, I'm getting old and jaded about anything, and REALLY feeling abused right now. Anyway, I updated Ad-Aware and scanned, it removed 100+ items, and I also ran a new Spybot scan earlier but somehow missed anything it may have done.

I have been on BC for a little while now tonight, and have not had any pop-up problems of any kind. In fact, I tried to run the DDS report the other day, but it wouldn't finish AT ALL. It wasn't until after I ran the scans that I could even get the .txt files to complete tonight [this morning? - time warp].

Thanks again for any help you can provide...

Edited by DangerMom, 31 January 2009 - 07:23 AM.


#3 DangerMom

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Duncanville, Texas
  • Local time:02:27 AM

Posted 31 January 2009 - 08:38 AM

Well, I thought I was done. As soon as I left BC and went back to MyYahoo, the Virus checker pop-up started again. I guess I'm not surprised, I was just hopeful.

Thanks again for your help, I'll quit adding posts now. I'll just be sitting here on my hands until I hear back from you!

:thumbup2:

#4 fenzodahl512


  • Members
  • 6,738 posts
  • Local time:04:27 PM

Posted 01 February 2009 - 10:05 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 DangerMom

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Duncanville, Texas
  • Local time:02:27 AM

Posted 02 February 2009 - 06:08 PM

Here is the Malwarebytes log...


Malwarebytes' Anti-Malware 1.33
Database version: 1716
Windows 5.1.2600 Service Pack 3

2/2/2009 4:18:07 PM
mbam-log-2009-02-02 (16-18-07).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 367324
Time elapsed: 4 hour(s), 0 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 26
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 167

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sufagika.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hivikivo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\obfcys.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f4efc44-813e-43c6-bd7e-d0dabe914710} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9f4efc44-813e-43c6-bd7e-d0dabe914710} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abbb680d-5315-42d3-ad2b-66d771fb94ef} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{abbb680d-5315-42d3-ad2b-66d771fb94ef} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9f4efc44-813e-43c6-bd7e-d0dabe914710} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bd3c6d2-50f9-4f94-872e-5afe2ea52eac} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ebc4853-bb93-41fc-ae4d-fc045ea7edf7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5fa733e6-5a8e-4f62-91b6-f2c859923b5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9f28651c-d44f-4694-8a83-2fdd61520fe5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30721715-0a3f-4bd7-9011-fb28987e7882} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc58d1ba-b628-4a0f-bbec-d71b3faa5d15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a54bc416-7a97-4271-8b69-29ac22e97c8d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a54bc416-7a97-4271-8b69-29ac22e97c8d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01b3034f-2442-410d-982e-be4d3d74e0ae} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8add8cdb-e4da-45b9-b482-4a325b0aa3dc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c15a0942-3936-4498-a464-cc41c136debf} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e05c073e-0beb-470a-94a0-15e50c829d7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abbb680d-5315-42d3-ad2b-66d771fb94ef} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fc7b4561-5751-46a3-8fb8-db8df0b8d66e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{323400e6-f8eb-4dd8-8d84-6da00ec3f759} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmb7144415 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bovuvamutu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b4277789 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sufagika.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\sufagika.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sufagika.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\obfcys.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dajidomu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umodijad.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\damorume.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emuromad.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dirivopa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apovirid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dirobudi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iduborid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ditehahe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehahetid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diteriga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agiretid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dotipuba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abupitod.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dowileyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iyeliwod.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goyetude.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eduteyog.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\harezeri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irezerah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hawozema.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amezowah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hawupopa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apopuwah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\heniloza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azolineh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hohawaki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikawahoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hojimiru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urimijoh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hubeyeha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aheyebuh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\huposufi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifusopuh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jayodaye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eyadoyaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jazukimo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\omikuzaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jiwirido.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odiriwij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kajeteji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijetejak.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kawokame.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emakowak.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kodelaso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osaledok.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuzizubi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibuzizuk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lamuhegi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igehumal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lasopile.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eliposal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lifemima.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amimefil.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\losidaje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejadisol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mavapovi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivopavam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\miropeso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oseporim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mopapude.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edupapom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\negonito.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otinogen.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niliyara.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\arayilin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nofayasu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usayafon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\padigali.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilagidap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\papevija.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajivepap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\poketite.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etitekop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rejuyibo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obiyujer.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rihezeya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ayezehir.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rujeyuhe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehuyejur.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sasepawa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awapesas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sayawoha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahowayas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vafelezi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\izelefav.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vusumuje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejumusuv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wukanipo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opinakuw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yogagove.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evogagoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuhituka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akutihuy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zosamulo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olumasoz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hivikivo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hehoniwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sufagika.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046694.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046723.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046727.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046728.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046729.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046730.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046732.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046733.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046734.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046735.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046738.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046740.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046741.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP275\A0046742.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP276\A0046831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2244C3C5-3139-427B-8690-99D4580B8AC6}\RP276\A0046832.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pabugiri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nifolije.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dehodeye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dufisuzu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fogakawa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hozifofe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jasanopu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbqmbm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lqxywp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mufohito.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\munorayo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\natasaza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncnbbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nzdcbz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnissl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qdkfpl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\samodoge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sunofefa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tehinozo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vutukage.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuwizeki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wepgqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\worujusu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kenetoja.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiyuvuyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\komiwozu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuhifopu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wujofile.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkvopo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vajefera.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\varelofu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rigebuja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjxqmc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juheyuve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbaljg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nehokaki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mobidemi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yonugese.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifwmjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hekomuno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hesutuhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hijoropo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkoncd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eggwqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\My Games\Ranch Rush\ijl15.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fupilito.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kalepopo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hohokaza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tepufepu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
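
As an added example that is not part of this thread or of Malwarebytes' own tooling, the Python script below triages a log in the format just posted: it parses the result lines, checks the header tallies against the entries actually listed (a mismatch means the paste was cut short), lists what was left for "Delete on reboot" (DLLs still loaded when the scan ran, plus the AppInit_DLLs and LSA Notification Packages data that reload them), and names the load point behind each registry hit. The sample log embedded in the script is a trimmed copy of the one above.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log in the format posted above.
Added example (not the forum's or Malwarebytes' code): parses the
"<item> (<Family>) -> <action>" lines, checks header tallies against the
entries, lists what was left for "Delete on reboot" and names the load
point behind each registry hit. SAMPLE_LOG is a trimmed copy of the log."""
import re
from collections import Counter

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.33

Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Modules Infected:
C:\WINDOWS\system32\sufagika.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hivikivo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\obfcys.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9f4efc44-813e-43c6-bd7e-d0dabe914710} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bovuvamutu (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sufagika.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\sufagika.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\obfcys.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dajidomu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sufagika.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\My Games\Ranch Rush\ijl15.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Files Infected: 167" is a tally; a bare "Files Infected:" opens a section.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):(?:\s+(?P<count>\d+))?$")
# Registry data items carry an extra "Data: <value> ->" segment.
RESULT_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
                       r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$")
# Auto-start locations (lower-cased needles) and what loads code placed there.
LOAD_POINTS = {
    "appinit_dlls": "injected into every process that loads user32.dll",
    "notification packages": "loaded by lsass.exe at boot",
    "shellserviceobjectdelayload": "loaded by explorer.exe at startup",
    "browser helper objects": "loaded into Internet Explorer",
    "\\run\\": "started at logon",
}

def parse_mbam_log(text):
    """Return (tallies, detections); each detection is a dict with the keys
    section, item, family, data (registry data items only) and action."""
    tallies, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SUMMARY_RE.match(line)
        if m and m.group("count") is None:
            section = m.group("section")
        elif m:
            tallies[m.group("section")] = int(m.group("count"))
        elif section and line and not line.startswith("("):  # "(No malicious ...)"
            m = RESULT_RE.match(line)
            if m:
                detections.append({"section": section, **m.groupdict()})
    return tallies, detections

def check_tallies(tallies, detections):
    """Sections whose header count differs from the entries listed (paste cut short?)."""
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen[s]) for s, n in tallies.items() if seen[s] != n}

def pending_reboot(detections):
    """Paths MBAM could not remove while running (loaded DLLs and the registry
    data that reloads them): the machine needs a reboot and a rescan."""
    paths = {(d["data"] or d["item"]).lower()
             for d in detections if d["action"] == "Delete on reboot"}
    return sorted(paths)

def persistence_points(detections):
    """(registry item, how it gets loaded) for hits in known auto-start keys."""
    hits = []
    for d in detections:
        key = d["item"].lower()
        how = next((h for n, h in LOAD_POINTS.items() if n in key), None)
        if key.startswith("hkey_") and how:
            hits.append((d["item"], how))
    return hits

if __name__ == "__main__":
    tallies, dets = parse_mbam_log(SAMPLE_LOG)
    print("tally mismatches:", check_tallies(tallies, dets))
    print("delete on reboot:", pending_reboot(dets))
    print("persistence:", persistence_points(dets))
```

On the full log above the pending-reboot list is sufagika.dll, hivikivo.dll, obfcys.dll and hehoniwu.dll; nothing marked "Delete on reboot" is actually gone until the machine has restarted.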

#6 DangerMom


Posted 02 February 2009 - 06:09 PM

Here is the RSIT log file...


Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeri Bolin at 2009-02-02 16:36:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (10%) free of 14 GB
Total RAM: 511 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:33 PM, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Documents and Settings\Jeri Bolin\Desktop\RSIT.exe
C:\Program Files\trend micro\Jeri Bolin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\New RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9f4efc44-813e-43c6-bd7e-d0dabe914710} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {abbb680d-5315-42d3-ad2b-66d771fb94ef} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CPMb7144415] Rundll32.exe "c:\windows\system32\zefirena.dll",a
O4 - HKLM\..\Run: [bovuvamutu] Rundll32.exe "C:\WINDOWS\system32\gowodohe.dll",s
O4 - HKLM\..\Run: [b4277789] rundll32.exe "C:\WINDOWS\system32\guserohu.dll",b
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\WINDOWS\TEMP\E_SB4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [bovuvamutu] Rundll32.exe "C:\WINDOWS\system32\hivikivo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bovuvamutu] Rundll32.exe "C:\WINDOWS\system32\hivikivo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [bovuvamutu] Rundll32.exe "C:\WINDOWS\system32\gowodohe.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bovuvamutu] Rundll32.exe "C:\WINDOWS\system32\gowodohe.dll",s (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeri Bolin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\My Documents\Buddy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\My Documents\Buddy\ICQ6.5\ICQ.exe
O15 - Trusted Zone: http://www.realarcade.com
O15 - Trusted Zone: http://*.torrentzilla.org
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://ghimireinc.serveftp.com/ActiveViewGUI.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210135733452
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://ghimireinc.serveftp.com/ActiveView.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: zkxpoo.dll ypusfr.dll mgtpqa.dll ydloes.dll oxgzrf.dll pgfqdf.dll c:\windows\system32\zefirena.dll c:\windows\system32\tofakavi.dll, obfcys.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9305 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{AFB2FC53-83E0-4254-8E46-CC23A0D30B78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - E:\Program Files\Real\New RealPlayer\rpbrowserrecordplugin.dll [2008-05-09 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f4efc44-813e-43c6-bd7e-d0dabe914710}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abbb680d-5315-42d3-ad2b-66d771fb94ef}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-01 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-06 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88361]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-31 509784]
"PWRISOVM.EXE"=E:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]
"CPMb7144415"=c:\windows\system32\zefirena.dll []
"bovuvamutu"=C:\WINDOWS\system32\gowodohe.dll []
"b4277789"=C:\WINDOWS\system32\guserohu.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"EPSON WorkForce 500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE [2008-02-21 188928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"RTReminder"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4277789]
C:\WINDOWS\system32\guserohu.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bovuvamutu]
C:\WINDOWS\system32\vedihome.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMb7144415]
c:\windows\system32\masurumo.dll [2009-01-24 101495]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-09 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="zkxpoo.dll ypusfr.dll mgtpqa.dll ydloes.dll oxgzrf.dll pgfqdf.dll c:\windows\system32\zefirena.dll c:\windows\system32\tofakavi.dll, obfcys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=\dsystem32\worujusu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="E:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Java\jre6\bin\jqs.exe"="C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs"
"C:\WINDOWS\system32\searchindexer.exe"="C:\WINDOWS\system32\searchindexer.exe:*:Enabled:SearchIndexer"
"E:\My Documents\Buddy\Messenger\YahooMessenger.exe"="E:\My Documents\Buddy\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"E:\My Documents\Buddy\ICQ6.5\ICQ.exe"="E:\My Documents\Buddy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5615ea34-cf3a-11dd-87ae-806d6172696f}]
shell\AutoRun\command - F:\MTInstall.exe
shell\directx\command - F:\Redist\directx8a\dxsetup.exe
shell\Gamespy\command - F:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe
shell\setup\command - F:\MTInstall.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd280d92-d2f6-11dd-beb1-806d6172696f}]
shell\AutoRun\command - F:\Autorun.exe


======File associations======

.js - open - "E:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\monetehe.dll_old
65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\hetisote.dll_old
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zoramuse.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\zizukiju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\wobebupi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vutofowi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vukefese.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vonineye.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\volamele.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\viwawede.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\viparele.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vedihome.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vabekame.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tusavila.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tosokevo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\tewudeje.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rulutati.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rotuseni.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rosobogu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\rakowiti.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\puwaduvu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pusekudu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pawafilo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\pagifobe.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nuvupino.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nogorike.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\musosami.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mudaliso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\masurumo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\mahozege.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\luhulupo.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\lotugene.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\livahoka.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\likusiyi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\levunana.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kuhihihu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kisojaze.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\kifipire.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jugoreha.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jetebemi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jehikonu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\jatupuni.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hufopogi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\howewufu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hesesiwo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\helokubo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\goyinoro.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gowodohe.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\godidusa.dll.tmp
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\gebuhobo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\futakoze.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fokubino.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\finayoga.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fapawozi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fabuyoju.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\duhofele.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\diwupesa.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dijezoru.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\delagowu.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\dapirima.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bilokoso.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bihiwuko.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\bayumoso.dll
2009-02-02 16:36:54 ----D---- C:\rsit
2009-02-02 16:36:54 ----D---- C:\Program Files\trend micro
2009-02-02 12:02:47 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Malwarebytes
2009-02-02 12:02:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 07:26:39 ----SH---- C:\WINDOWS\system32\isenojaz.ini
2009-02-01 19:26:21 ----SH---- C:\WINDOWS\system32\usotodib.ini
2009-01-31 19:25:41 ----ASH---- C:\WINDOWS\system32\tjxgte.dll
2009-01-31 03:26:36 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-01-31 02:08:59 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-30 07:24:52 ----SH---- C:\WINDOWS\system32\ujazezes.ini
2009-01-28 21:44:39 ----D---- C:\Program Files\Lavasoft
2009-01-27 19:39:36 ----A---- C:\WINDOWS\system32\ewqiap.dll
2009-01-27 07:33:08 ----A---- C:\WINDOWS\system32\tdckdl.dll
2009-01-27 07:30:04 ----SH---- C:\WINDOWS\system32\rorerilu.dll
2009-01-26 19:30:00 ----SH---- C:\WINDOWS\system32\dituguwu.dll
2009-01-26 17:09:04 ----D---- C:\Program Files\directx
2009-01-26 07:27:59 ----A---- C:\WINDOWS\system32\rrijeh.dll
2009-01-26 06:22:21 ----ASH---- C:\WINDOWS\system32\ogecmw.dll
2009-01-25 18:22:03 ----ASH---- C:\WINDOWS\system32\jwakbz.dll
2009-01-25 06:21:48 ----SH---- C:\WINDOWS\system32\ejakisan.ini
2009-01-25 06:21:45 ----ASH---- C:\WINDOWS\system32\bhhxio.dll
2009-01-25 03:14:31 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2009-01-24 22:47:09 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-01-24 18:21:45 ----ASH---- C:\WINDOWS\system32\jlegat.dll
2009-01-24 10:43:14 ----A---- C:\WINDOWS\X3D.INI
2009-01-24 10:39:26 ----A---- C:\WINDOWS\XaraX.INI
2009-01-24 10:37:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Xara
2009-01-24 10:37:56 ----A---- C:\WINDOWS\system32\xwsindex.exe
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xmupload.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xfontman.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xaradocg.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\BMPImporter.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\bincoder.dll
2009-01-24 10:37:53 ----A---- C:\WINDOWS\system32\templop.dll
2009-01-24 10:37:53 ----A---- C:\WINDOWS\system32\templman.dll
2009-01-24 09:54:51 ----A---- C:\WINDOWS\system32\wbhelper.exe
2009-01-24 09:54:50 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2009-01-24 09:50:31 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FileOpen
2009-01-24 09:50:31 ----D---- C:\Documents and Settings\All Users\Application Data\FileOpen
2009-01-24 09:50:18 ----D---- C:\Program Files\FileOpen
2009-01-24 09:07:08 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\InterVideo
2009-01-24 08:59:31 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Free Download Manager
2009-01-24 08:37:56 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-24 07:50:47 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-01-24 06:21:42 ----ASH---- C:\WINDOWS\system32\zahifo.dll
2009-01-24 06:21:40 ----SH---- C:\WINDOWS\system32\ahujivum.ini
2009-01-23 18:21:27 ----ASH---- C:\WINDOWS\system32\ozhimh.dll
2009-01-23 06:21:10 ----ASH---- C:\WINDOWS\system32\dekijr.dll
2009-01-22 18:20:47 ----ASH---- C:\WINDOWS\system32\mdlwhm.dll
2009-01-22 13:42:54 ----D---- C:\Program Files\Free Offers from Freeze.com
2009-01-22 07:07:04 ----A---- C:\WINDOWS\system32\xfjcoe.dll
2009-01-21 18:20:16 ----ASH---- C:\WINDOWS\system32\tyjnnr.dll
2009-01-21 06:19:58 ----ASH---- C:\WINDOWS\system32\dfilii.dll
2009-01-20 18:19:33 ----ASH---- C:\WINDOWS\system32\vfqxxo.dll
2009-01-19 23:37:43 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Gogii Games
2009-01-19 23:37:43 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii Games
2009-01-19 18:18:59 ----ASH---- C:\WINDOWS\system32\jxjwho.dll
2009-01-19 06:18:40 ----ASH---- C:\WINDOWS\system32\ncxoux.dll
2009-01-18 06:18:09 ----ASH---- C:\WINDOWS\system32\ljfrlt.dll
2009-01-17 06:17:41 ----SH---- C:\WINDOWS\system32\ehodiveb.ini
2009-01-16 18:17:34 ----SH---- C:\WINDOWS\system32\akudawup.ini
2009-01-15 04:25:50 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\ICQ
2009-01-15 04:11:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-11 18:15:32 ----SH---- C:\WINDOWS\system32\ihigamod.ini
2009-01-11 06:15:14 ----SH---- C:\WINDOWS\system32\uhoriveb.ini
2009-01-10 18:15:01 ----SH---- C:\WINDOWS\system32\uzotojib.ini
2009-01-09 18:14:44 ----SH---- C:\WINDOWS\system32\egewerif.ini
2009-01-08 18:14:22 ----SH---- C:\WINDOWS\system32\emumenum.ini
2009-01-07 18:14:00 ----SH---- C:\WINDOWS\system32\ozonadel.ini
2009-01-07 06:13:42 ----SH---- C:\WINDOWS\system32\imiwodos.ini
2009-01-06 18:13:21 ----SH---- C:\WINDOWS\system32\ebowigub.ini
2009-01-06 06:13:13 ----SH---- C:\WINDOWS\system32\urayatap.ini
2009-01-05 18:13:04 ----SH---- C:\WINDOWS\system32\umihohom.ini
2009-01-05 06:13:03 ----SH---- C:\WINDOWS\system32\unosawap.ini
2009-01-04 18:12:52 ----SH---- C:\WINDOWS\system32\urakamik.ini
2009-01-04 06:12:39 ----SH---- C:\WINDOWS\system32\asosohod.ini
2009-01-04 04:21:49 ----D---- C:\Program Files\Trymedia
2009-01-03 18:12:30 ----SH---- C:\WINDOWS\system32\unagumov.ini
2009-01-03 06:29:42 ----SH---- C:\WINDOWS\system32\ipigunuf.ini
2009-01-03 05:43:57 ----A---- C:\WINDOWS\wininit.ini
2009-01-02 06:11:47 ----SH---- C:\WINDOWS\system32\uhoresug.ini
2008-12-29 06:10:07 ----SH---- C:\WINDOWS\system32\iremogaz.ini
2008-12-28 18:10:02 ----SH---- C:\WINDOWS\system32\avivebed.ini
2008-12-28 06:09:57 ----SH---- C:\WINDOWS\system32\akusorov.ini
2008-12-27 18:09:31 ----SH---- C:\WINDOWS\system32\ademidul.ini
2008-12-27 06:09:11 ----SH---- C:\WINDOWS\system32\uyekidis.ini
2008-12-22 22:07:33 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-22 17:25:38 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FLV Extract
2008-12-14 18:57:01 ----A---- C:\WINDOWS\DASShp.dll
2008-12-14 16:12:34 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Sierra Entertainment
2008-12-14 16:10:26 ----RHD---- C:\Documents and Settings\Jeri Bolin\Application Data\SecuROM
2008-12-14 16:09:14 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-14 16:09:13 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-14 16:09:04 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-14 16:09:04 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-14 16:09:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-14 16:09:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-14 16:09:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-14 16:09:01 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-14 16:09:00 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-14 16:08:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-10 09:52:32 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-12-06 19:48:48 ----HD---- C:\Program Files\Zero G Registry
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 19:32:09 ----D---- C:\Program Files\Java
2008-12-06 18:25:23 ----D---- C:\WINDOWS\Minidump
2008-12-06 18:18:37 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-06 10:08:04 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 03:17:30 ----A---- C:\WINDOWS\dvdSanta.INI
2008-12-06 02:22:02 ----D---- C:\TempDVD
2008-12-06 02:22:02 ----D---- C:\dvdsanta
2008-11-14 12:23:26 ----HD---- C:\WINDOWS\PIF
2008-11-13 23:22:52 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Windows Search
2008-11-13 05:07:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FileZilla
2008-11-13 01:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-13 00:09:43 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-09 13:36:09 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Windows Desktop Search
2008-11-09 13:34:13 ----D---- C:\Program Files\Windows Desktop Search
2008-11-09 13:34:12 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-11-09 13:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-11-09 13:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-11-05 11:58:10 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Yahoo!
2008-11-05 11:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-03 12:07:52 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\funkitron
2008-11-03 07:15:49 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\RhinoSoft.com

======List of files/folders modified in the last 3 months======

2009-02-02 16:36:54 ----RD---- C:\Program Files
2009-02-02 16:23:49 ----D---- C:\WINDOWS\Temp
2009-02-02 16:21:04 ----D---- C:\WINDOWS\system32\drivers
2009-02-02 16:21:04 ----D---- C:\WINDOWS\system32
2009-02-02 16:20:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 16:19:30 ----D---- C:\WINDOWS\Prefetch
2009-02-02 11:55:05 ----HD---- C:\WINDOWS\inf
2009-02-02 11:55:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 11:54:57 ----D---- C:\WINDOWS
2009-02-02 01:58:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-31 03:03:54 ----SD---- C:\WINDOWS\Tasks
2009-01-31 03:03:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-31 02:08:59 ----SHD---- C:\WINDOWS\Installer
2009-01-31 02:08:37 ----D---- C:\WINDOWS\WinSxS
2009-01-31 02:08:29 ----D---- C:\Program Files\Common Files
2009-01-30 15:25:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-27 20:42:38 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Vso
2009-01-27 20:11:42 ----RASH---- C:\boot.ini
2009-01-27 20:11:42 ----D---- C:\WINDOWS\pss
2009-01-27 20:11:42 ----A---- C:\WINDOWS\win.ini
2009-01-27 20:11:42 ----A---- C:\WINDOWS\system.ini
2009-01-27 19:39:36 ----A---- C:\WINDOWS\system32\hikikoli.dll
2009-01-27 19:39:35 ----A---- C:\WINDOWS\system32\tupuzeme.dll
2009-01-27 16:15:13 ----D---- C:\WINDOWS\Help
2009-01-27 07:33:05 ----A---- C:\WINDOWS\system32\wupuwota.dll
2009-01-27 07:33:05 ----A---- C:\WINDOWS\system32\husovetu.dll
2009-01-27 00:59:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\uTorrent
2009-01-26 17:52:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-26 07:27:58 ----A---- C:\WINDOWS\system32\buloyubo.dll
2009-01-24 07:50:34 ----D---- C:\Program Files\Google
2009-01-22 07:07:04 ----A---- C:\WINDOWS\system32\lanadata.dll
2009-01-19 23:19:53 ----D---- C:\Program Files\RealArcade
2009-01-15 04:21:18 ----D---- C:\Program Files\Yahoo!
2009-01-11 07:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2009-01-06 02:40:40 ----D---- C:\WINDOWS\repair
2009-01-06 02:40:14 ----D---- C:\WINDOWS\Registration
2009-01-03 16:06:25 ----SD---- C:\Documents and Settings\Jeri Bolin\Application Data\Microsoft
2009-01-03 09:37:05 ----D---- C:\Program Files\Internet Explorer
2008-12-29 18:10:21 ----ASH---- C:\WINDOWS\system32\wumugaka.dll
2008-12-28 00:30:26 ----A---- C:\WINDOWS\AviSplitter.INI
2008-12-23 09:48:12 ----D---- C:\Program Files\Bonjour
2008-12-22 22:03:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 23:21:25 ----D---- C:\WINDOWS\system
2008-12-18 20:26:07 ----D---- C:\WINDOWS\system32\DirectX
2008-12-18 20:26:06 ----RSD---- C:\WINDOWS\assembly
2008-12-14 18:57:03 ----RSD---- C:\WINDOWS\Fonts
2008-12-14 16:09:07 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-14 16:05:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-12 02:30:18 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2008-12-12 02:30:15 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Arcsoft
2008-12-06 10:23:58 ----SHD---- C:\RECYCLER
2008-12-06 10:07:44 ----D---- C:\Documents and Settings
2008-11-13 01:34:42 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Adobe
2008-11-13 00:58:00 ----D---- C:\Program Files\Common Files\Adobe
2008-11-13 00:57:24 ----D---- C:\Program Files\Adobe
2008-11-12 15:22:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-09 13:34:33 ----A---- C:\WINDOWS\imsins.BAK
2008-11-09 13:34:20 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-09 13:34:15 ----D---- C:\WINDOWS\system32\en-us
2008-11-09 13:34:12 ----D---- C:\WINDOWS\system32\wbem
2008-11-09 13:33:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2007-06-16 31616]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-07-22 1268234]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-01-23 97216]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-22 701440]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-17 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-17 578752]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys [2007-11-13 34304]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2008-05-07 42512]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-31 950096]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-07-03 109056]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#7 DangerMom


Posted 02 February 2009 - 06:12 PM

And finally, here is the GMER log file...

Thank you very much for your help. I look forward to your reply.



#8 fenzodahl512


Posted 02 February 2009 - 10:54 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 DangerMom


Posted 03 February 2009 - 01:14 AM

ComboFix Log...


ComboFix 09-02-02.04 - Jeri Bolin 2009-02-02 23:53:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.279 [GMT -6:00]
Running from: c:\documents and settings\Jeri Bolin\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Jeri Bolin\Application Data\inst.exe
c:\windows\system32\ademidul.ini
c:\windows\system32\ahujivum.ini
c:\windows\system32\akudawup.ini
c:\windows\system32\akusorov.ini
c:\windows\system32\asosohod.ini
c:\windows\system32\avivebed.ini
c:\windows\system32\bayumoso.dll
c:\windows\system32\bhhxio.dll
c:\windows\system32\bihiwuko.dll
c:\windows\system32\bilokoso.dll
c:\windows\system32\buloyubo.dll
c:\windows\system32\dapirima.dll
c:\windows\system32\dekijr.dll
c:\windows\system32\delagowu.dll
c:\windows\system32\dfilii.dll
c:\windows\system32\dijezoru.dll
c:\windows\system32\diwupesa.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\duhofele.dll
c:\windows\system32\ebowigub.ini
c:\windows\system32\egewerif.ini
c:\windows\system32\ehodiveb.ini
c:\windows\system32\ejakisan.ini
c:\windows\system32\emumenum.ini
c:\windows\system32\ewqiap.dll
c:\windows\system32\fabuyoju.dll
c:\windows\system32\fapawozi.dll
c:\windows\system32\finayoga.dll
c:\windows\system32\fokubino.dll
c:\windows\system32\futakoze.dll
c:\windows\system32\gebuhobo.dll
c:\windows\system32\godidusa.dll.tmp
c:\windows\system32\gowodohe.dll.tmp
c:\windows\system32\goyinoro.dll
c:\windows\system32\helokubo.dll
c:\windows\system32\hesesiwo.dll
c:\windows\system32\hikikoli.dll
c:\windows\system32\howewufu.dll
c:\windows\system32\hufopogi.dll
c:\windows\system32\husovetu.dll
c:\windows\system32\ihigamod.ini
c:\windows\system32\imiwodos.ini
c:\windows\system32\ipigunuf.ini
c:\windows\system32\iremogaz.ini
c:\windows\system32\isenojaz.ini
c:\windows\system32\jatupuni.dll
c:\windows\system32\jehikonu.dll
c:\windows\system32\jetebemi.dll
c:\windows\system32\jlegat.dll
c:\windows\system32\jugoreha.dll
c:\windows\system32\jwakbz.dll
c:\windows\system32\jxjwho.dll
c:\windows\system32\kifipire.dll
c:\windows\system32\kisojaze.dll
c:\windows\system32\kuhihihu.dll
c:\windows\system32\lanadata.dll
c:\windows\system32\levunana.dll.tmp
c:\windows\system32\likusiyi.dll
c:\windows\system32\livahoka.dll
c:\windows\system32\ljfrlt.dll
c:\windows\system32\lotugene.dll.tmp
c:\windows\system32\luhulupo.dll.tmp
c:\windows\system32\mahozege.dll
c:\windows\system32\masurumo.dll
c:\windows\system32\mdlwhm.dll
c:\windows\system32\monetehe.dll_old
c:\windows\system32\mudaliso.dll
c:\windows\system32\musosami.dll
c:\windows\system32\ncxoux.dll
c:\windows\system32\nogorike.dll
c:\windows\system32\nuvupino.dll
c:\windows\system32\ogecmw.dll
c:\windows\system32\ozhimh.dll
c:\windows\system32\ozonadel.ini
c:\windows\system32\packet.dll
c:\windows\system32\pagifobe.dll.tmp
c:\windows\system32\pawafilo.dll
c:\windows\system32\pusekudu.dll
c:\windows\system32\puwaduvu.dll
c:\windows\system32\rakowiti.dll.tmp
c:\windows\system32\rosobogu.dll
c:\windows\system32\rotuseni.dll.tmp
c:\windows\system32\rrijeh.dll
c:\windows\system32\rulutati.dll.tmp
c:\windows\system32\tdckdl.dll
c:\windows\system32\tewudeje.dll
c:\windows\system32\tjxgte.dll
c:\windows\system32\tosokevo.dll
c:\windows\system32\tupuzeme.dll
c:\windows\system32\tusavila.dll
c:\windows\system32\tyjnnr.dll
c:\windows\system32\uhoresug.ini
c:\windows\system32\uhoriveb.ini
c:\windows\system32\ujazezes.ini
c:\windows\system32\umihohom.ini
c:\windows\system32\unagumov.ini
c:\windows\system32\unosawap.ini
c:\windows\system32\urakamik.ini
c:\windows\system32\urayatap.ini
c:\windows\system32\usotodib.ini
c:\windows\system32\uyekidis.ini
c:\windows\system32\uzotojib.ini
c:\windows\system32\vabekame.dll
c:\windows\system32\vedihome.dll.tmp
c:\windows\system32\vfqxxo.dll
c:\windows\system32\viparele.dll
c:\windows\system32\viwawede.dll
c:\windows\system32\volamele.dll
c:\windows\system32\vonineye.dll.tmp
c:\windows\system32\vukefese.dll
c:\windows\system32\vutofowi.dll
c:\windows\system32\wobebupi.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\wumugaka.dll
c:\windows\system32\wupuwota.dll
c:\windows\system32\xfjcoe.dll
c:\windows\system32\zahifo.dll
c:\windows\system32\zizukiju.dll
c:\windows\system32\zoramuse.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-02 16:41 . 2009-02-02 16:41 250 --a------ c:\windows\gmer.ini
2009-02-02 16:36 . 2009-02-02 16:37 <DIR> d-------- C:\rsit
2009-02-02 16:36 . 2009-02-02 16:37 <DIR> d-------- c:\program files\trend micro
2009-02-02 12:02 . 2009-02-02 12:02 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Malwarebytes
2009-02-02 12:02 . 2009-02-02 12:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 12:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 12:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-31 03:28 . 2009-01-31 03:28 28,233 --a------ c:\windows\system32\AAWService_2009_01_31_03_28_22.dmp
2009-01-31 03:26 . 2009-01-31 03:03 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-31 03:04 . 2009-01-31 03:04 23,003 --a------ c:\windows\system32\AAWService_2009_01_31_03_04_54.dmp
2009-01-31 03:03 . 2009-01-31 03:03 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-31 02:08 . 2009-01-31 02:09 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 21:44 . 2009-01-31 02:08 <DIR> d-------- c:\program files\Lavasoft
2009-01-27 07:30 . 2009-01-27 07:30 2,713 ---hs---- c:\windows\system32\rorerilu.dll
2009-01-26 19:30 . 2009-01-26 19:30 2,713 ---hs---- c:\windows\system32\dituguwu.dll
2009-01-26 17:09 . 2009-01-26 17:09 <DIR> d-------- c:\program files\directx
2009-01-25 03:14 . 2005-11-20 23:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-01-25 03:14 . 2005-11-20 23:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-01-24 22:47 . 2004-08-18 06:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-24 10:43 . 2009-01-24 10:43 1,466 --a------ c:\windows\X3D.INI
2009-01-24 10:39 . 2009-01-24 10:39 746 --a------ c:\windows\XaraX.INI
2009-01-24 10:37 . 2009-01-24 10:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Xara
2009-01-24 10:37 . 2003-10-17 13:03 876,544 --a------ c:\windows\system32\xaradocg.dll
2009-01-24 10:37 . 2003-10-14 14:49 253,952 --a------ c:\windows\system32\templop.dll
2009-01-24 10:37 . 2003-10-02 15:09 180,224 --a------ c:\windows\system32\xwsindex.exe
2009-01-24 10:37 . 2003-10-01 13:49 131,072 --a------ c:\windows\system32\BMPImporter.dll
2009-01-24 10:37 . 2003-10-17 13:03 126,976 --a------ c:\windows\system32\templman.dll
2009-01-24 10:37 . 2003-11-13 11:13 118,784 --a------ c:\windows\system32\xmupload.dll
2009-01-24 10:37 . 2003-05-19 15:18 86,016 --a------ c:\windows\system32\bincoder.dll
2009-01-24 10:37 . 2003-10-06 13:45 23,552 --a------ c:\windows\system32\xfontman.dll
2009-01-24 09:54 . 2001-07-26 22:04 405,563 --a------ c:\windows\system32\wbocx.ocx
2009-01-24 09:54 . 2000-05-26 09:17 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-24 09:54 . 2000-05-26 09:17 28,672 --a------ c:\windows\system32\wbhelper.exe
2009-01-24 09:54 . 2009-01-24 09:54 1 --a------ c:\windows\system32\mspwtbatchlinkdownloader.max
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\program files\FileOpen
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\FileOpen
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\FileOpen
2009-01-24 09:07 . 2009-01-24 09:07 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\InterVideo
2009-01-24 08:59 . 2009-01-24 09:02 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Free Download Manager
2009-01-24 08:37 . 2009-01-24 08:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-24 07:50 . 2009-01-24 07:50 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-22 13:42 . 2009-01-22 13:42 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-01-19 23:37 . 2009-01-19 23:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Gogii Games
2009-01-19 23:37 . 2009-01-19 23:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii Games
2009-01-15 04:25 . 2009-01-15 04:28 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\ICQ
2009-01-15 04:11 . 2009-01-15 04:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-05 16:33 . 2009-01-05 16:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-04 04:21 . 2009-01-04 04:21 <DIR> d-------- c:\program files\Trymedia
2009-01-03 09:28 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-03 06:35 . 2009-01-03 09:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\.housecall6.6
2009-01-03 05:43 . 2009-01-22 04:57 211 --a------ c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 23:51 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-28 02:42 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Vso
2009-01-27 06:59 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\uTorrent
2009-01-26 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 13:50 --------- d-----w c:\program files\Google
2009-01-20 05:19 --------- d-----w c:\program files\RealArcade
2009-01-15 10:21 --------- d-----w c:\program files\Yahoo!
2009-01-11 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-12-23 15:48 --------- d-----w c:\program files\Bonjour
2008-12-22 23:28 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\FLV Extract
2008-12-14 22:12 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Sierra Entertainment
2008-12-12 08:30 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Arcsoft
2008-12-12 08:30 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-12-08 23:47 --------- d-----w c:\documents and settings\Buddy\Application Data\funkitron
2008-12-08 23:28 --------- d-----w c:\documents and settings\Buddy\Application Data\Windows Search
2008-12-07 01:56 --------- d--h--w c:\program files\Zero G Registry
2008-12-07 01:32 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-07 01:32 --------- d-----w c:\program files\Java
2008-12-06 16:41 --------- d--h--r c:\documents and settings\Buddy\Application Data\yahoo!
2008-12-06 16:08 --------- d-----w c:\documents and settings\Buddy\Application Data\Windows Desktop Search
2008-05-17 11:07 47,360 -c--a-w c:\documents and settings\Jeri Bolin\Application Data\pcouffin.sys
2008-05-07 21:30 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"EPSON WorkForce 500 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE" [2008-02-21 188928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-31 509784]
"PWRISOVM.EXE"="e:\program files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"="e:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]

c:\documents and settings\Buddy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ \ d s y t e m 3 2 w o r u j . l

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-09 22:12 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=
"e:\\My Documents\\Buddy\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-31 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5615ea34-cf3a-11dd-87ae-806d6172696f}]
\Shell\AutoRun\command - F:\MTInstall.exe
\Shell\directx\command - f:\redist\directx8a\dxsetup.exe
\Shell\Gamespy\command - f:\redist\GameSpy\ArcadeInstallMTYCOON108c.exe
\Shell\setup\command - F:\MTInstall.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-31 03:03]

2009-01-18 c:\windows\Tasks\User_Feed_Synchronization-{AFB2FC53-83E0-4254-8E46-CC23A0D30B78}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9f4efc44-813e-43c6-bd7e-d0dabe914710} - (no file)
BHO-{abbb680d-5315-42d3-ad2b-66d771fb94ef} - (no file)
HKCU-Run-RTReminder - (no file)
HKLM-Run-CPMb7144415 - c:\windows\system32\zefirena.dll
HKLM-Run-bovuvamutu - c:\windows\system32\gowodohe.dll
HKLM-Run-b4277789 - c:\windows\system32\guserohu.dll
HKU-Default-Run-bovuvamutu - c:\windows\system32\gowodohe.dll
SSODL-SSODL-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
MSConfigStartUp-b4277789 - c:\windows\system32\guserohu.dll
MSConfigStartUp-bovuvamutu - c:\windows\system32\vedihome.dll
MSConfigStartUp-CPMb7144415 - c:\windows\system32\masurumo.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeri Bolin\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: real.com\account
Trusted Zone: realarcade.com\www
Trusted Zone: torrentzilla.org
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://ghimireinc.serveftp.com/ActiveViewGUI.cab
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://ghimireinc.serveftp.com/ActiveView.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 23:59:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\windows\\system32\\sajijade.dll,c:\\WINDOWS\\system32\\worujusu.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-02-03 0:05:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-03 06:05:37

Pre-Run: 876,449,792 bytes free
Post-Run: 2,006,454,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

364

#10 DangerMom


Posted 03 February 2009 - 01:16 AM

NEW RSIT Log - based on your last post, I guess this is the only other thing you need, but let me know.

Thanks Much!!



Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeri Bolin at 2009-02-03 00:09:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (14%) free of 14 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:03 AM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jeri Bolin\Desktop\RSIT.exe
C:\Program Files\trend micro\Jeri Bolin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\New RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\WINDOWS\TEMP\E_SB4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeri Bolin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\My Documents\Buddy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\My Documents\Buddy\ICQ6.5\ICQ.exe
O15 - Trusted Zone: http://www.realarcade.com
O15 - Trusted Zone: http://*.torrentzilla.org
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://ghimireinc.serveftp.com/ActiveViewGUI.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210135733452
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://ghimireinc.serveftp.com/ActiveView.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8247 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{AFB2FC53-83E0-4254-8E46-CC23A0D30B78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - E:\Program Files\Real\New RealPlayer\rpbrowserrecordplugin.dll [2008-05-09 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-01 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-06 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88361]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-31 509784]
"PWRISOVM.EXE"=E:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"EPSON WorkForce 500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE [2008-02-21 188928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-09 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=\
d
s
y
t
e
m
3
2
w
o
r
u
j
.
l

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="E:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Java\jre6\bin\jqs.exe"="C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs"
"C:\WINDOWS\system32\searchindexer.exe"="C:\WINDOWS\system32\searchindexer.exe:*:Enabled:SearchIndexer"
"E:\My Documents\Buddy\ICQ6.5\ICQ.exe"="E:\My Documents\Buddy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5615ea34-cf3a-11dd-87ae-806d6172696f}]
shell\AutoRun\command - F:\MTInstall.exe
shell\directx\command - F:\Redist\directx8a\dxsetup.exe
shell\Gamespy\command - F:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe
shell\setup\command - F:\MTInstall.exe


======File associations======

.js - open - "E:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\hetisote.dll_old
2009-02-03 00:09:02 ----SHD---- C:\RECYCLER
2009-02-03 00:05:46 ----A---- C:\ComboFix.txt
2009-02-02 23:52:26 ----A---- C:\Boot.bak
2009-02-02 23:52:17 ----RASHD---- C:\cmdcons
2009-02-02 23:50:07 ----A---- C:\WINDOWS\zip.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\VFIND.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\SWSC.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\SWREG.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\sed.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\grep.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\fdsv.exe
2009-02-02 23:49:58 ----D---- C:\WINDOWS\ERDNT
2009-02-02 23:49:58 ----D---- C:\Qoobox
2009-02-02 16:41:46 ----A---- C:\WINDOWS\gmer.ini
2009-02-02 16:41:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-02 16:41:45 ----A---- C:\WINDOWS\gmer.dll
2009-02-02 16:41:44 ----A---- C:\WINDOWS\gmer.exe
2009-02-02 16:36:54 ----D---- C:\rsit
2009-02-02 16:36:54 ----D---- C:\Program Files\trend micro
2009-02-02 12:02:47 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Malwarebytes
2009-02-02 12:02:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-31 03:26:36 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-01-31 02:08:59 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 21:44:39 ----D---- C:\Program Files\Lavasoft
2009-01-27 07:30:04 ----SH---- C:\WINDOWS\system32\rorerilu.dll
2009-01-26 19:30:00 ----SH---- C:\WINDOWS\system32\dituguwu.dll
2009-01-26 17:09:04 ----D---- C:\Program Files\directx
2009-01-25 03:14:31 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2009-01-24 22:47:09 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-01-24 10:43:14 ----A---- C:\WINDOWS\X3D.INI
2009-01-24 10:39:26 ----A---- C:\WINDOWS\XaraX.INI
2009-01-24 10:37:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Xara
2009-01-24 10:37:56 ----A---- C:\WINDOWS\system32\xwsindex.exe
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xmupload.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xfontman.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xaradocg.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\BMPImporter.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\bincoder.dll
2009-01-24 10:37:53 ----A---- C:\WINDOWS\system32\templop.dll
2009-01-24 10:37:53 ----A---- C:\WINDOWS\system32\templman.dll
2009-01-24 09:54:51 ----A---- C:\WINDOWS\system32\wbhelper.exe
2009-01-24 09:54:50 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2009-01-24 09:50:31 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FileOpen
2009-01-24 09:50:31 ----D---- C:\Documents and Settings\All Users\Application Data\FileOpen
2009-01-24 09:50:18 ----D---- C:\Program Files\FileOpen
2009-01-24 09:07:08 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\InterVideo
2009-01-24 08:59:31 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Free Download Manager
2009-01-24 08:37:56 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-24 07:50:47 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-01-22 13:42:54 ----D---- C:\Program Files\Free Offers from Freeze.com
2009-01-19 23:37:43 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Gogii Games
2009-01-19 23:37:43 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii Games
2009-01-15 04:25:50 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\ICQ
2009-01-15 04:11:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-04 04:21:49 ----D---- C:\Program Files\Trymedia
2009-01-03 05:43:57 ----A---- C:\WINDOWS\wininit.ini
2008-12-22 22:07:33 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-22 17:25:38 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FLV Extract
2008-12-14 18:57:01 ----A---- C:\WINDOWS\DASShp.dll
2008-12-14 16:12:34 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Sierra Entertainment
2008-12-14 16:09:14 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-14 16:09:13 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-14 16:09:04 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-14 16:09:04 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-14 16:09:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-14 16:09:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-14 16:09:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-14 16:09:01 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-14 16:09:00 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-14 16:08:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-10 09:52:32 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-12-06 19:48:48 ----HD---- C:\Program Files\Zero G Registry
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 19:32:09 ----D---- C:\Program Files\Java
2008-12-06 18:25:23 ----D---- C:\WINDOWS\Minidump
2008-12-06 18:18:37 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-06 10:08:04 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 03:17:30 ----A---- C:\WINDOWS\dvdSanta.INI
2008-12-06 02:22:02 ----D---- C:\TempDVD
2008-12-06 02:22:02 ----D---- C:\dvdsanta
2008-11-14 12:23:26 ----HD---- C:\WINDOWS\PIF
2008-11-13 23:22:52 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Windows Search
2008-11-13 05:07:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FileZilla
2008-11-13 01:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-13 00:09:43 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-09 13:36:09 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Windows Desktop Search
2008-11-09 13:34:13 ----D---- C:\Program Files\Windows Desktop Search
2008-11-09 13:34:12 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-11-09 13:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-11-09 13:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-11-05 11:58:10 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Yahoo!
2008-11-05 11:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

======List of files/folders modified in the last 3 months======

2009-02-03 00:05:56 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 00:05:56 ----D---- C:\WINDOWS\system32
2009-02-03 00:05:51 ----D---- C:\WINDOWS\Temp
2009-02-03 00:05:51 ----D---- C:\WINDOWS
2009-02-03 00:04:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 23:59:08 ----A---- C:\WINDOWS\system.ini
2009-02-02 23:56:47 ----D---- C:\WINDOWS\system32\config
2009-02-02 23:54:54 ----D---- C:\WINDOWS\AppPatch
2009-02-02 23:54:54 ----D---- C:\Program Files\Common Files
2009-02-02 23:52:26 ----RASH---- C:\boot.ini
2009-02-02 23:51:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 23:49:58 ----D---- C:\WINDOWS\Prefetch
2009-02-02 16:36:54 ----RD---- C:\Program Files
2009-02-02 11:55:05 ----HD---- C:\WINDOWS\inf
2009-02-02 01:58:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-31 03:03:54 ----SD---- C:\WINDOWS\Tasks
2009-01-31 03:03:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-31 02:08:59 ----SHD---- C:\WINDOWS\Installer
2009-01-31 02:08:37 ----D---- C:\WINDOWS\WinSxS
2009-01-30 15:25:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-27 20:42:38 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Vso
2009-01-27 20:11:42 ----D---- C:\WINDOWS\pss
2009-01-27 20:11:42 ----A---- C:\WINDOWS\win.ini
2009-01-27 16:15:13 ----D---- C:\WINDOWS\Help
2009-01-27 00:59:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\uTorrent
2009-01-26 17:52:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-24 07:50:34 ----D---- C:\Program Files\Google
2009-01-19 23:19:53 ----D---- C:\Program Files\RealArcade
2009-01-15 04:21:18 ----D---- C:\Program Files\Yahoo!
2009-01-11 07:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2009-01-06 02:40:40 ----D---- C:\WINDOWS\repair
2009-01-06 02:40:14 ----D---- C:\WINDOWS\Registration
2009-01-03 16:06:25 ----SD---- C:\Documents and Settings\Jeri Bolin\Application Data\Microsoft
2009-01-03 09:37:05 ----D---- C:\Program Files\Internet Explorer
2008-12-28 00:30:26 ----A---- C:\WINDOWS\AviSplitter.INI
2008-12-23 09:48:12 ----D---- C:\Program Files\Bonjour
2008-12-22 22:03:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 23:21:25 ----D---- C:\WINDOWS\system
2008-12-18 20:26:07 ----D---- C:\WINDOWS\system32\DirectX
2008-12-18 20:26:06 ----RSD---- C:\WINDOWS\assembly
2008-12-14 18:57:03 ----RSD---- C:\WINDOWS\Fonts
2008-12-14 16:09:07 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-14 16:05:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-12 02:30:18 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2008-12-12 02:30:15 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Arcsoft
2008-12-06 10:07:44 ----D---- C:\Documents and Settings
2008-11-13 01:34:42 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Adobe
2008-11-13 00:58:00 ----D---- C:\Program Files\Common Files\Adobe
2008-11-13 00:57:24 ----D---- C:\Program Files\Adobe
2008-11-12 15:22:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-09 13:34:33 ----A---- C:\WINDOWS\imsins.BAK
2008-11-09 13:34:20 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-09 13:34:15 ----D---- C:\WINDOWS\system32\en-us
2008-11-09 13:34:12 ----D---- C:\WINDOWS\system32\wbem
2008-11-09 13:33:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2007-06-16 31616]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-07-22 1268234]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-01-23 97216]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-22 701440]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-17 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-17 578752]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys [2007-11-13 34304]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-31 950096]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-07-03 109056]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:27 PM

Posted 03 February 2009 - 01:35 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\rorerilu.dll
c:\windows\system32\dituguwu.dll
c:\windows\system32\sajijade.dll
c:\WINDOWS\system32\worujusu.dll

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"=""

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
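The Registry:: block in the script above resets the LSA "Notification Packages" value to the Windows XP default, "scecli", written in REGEDIT4 hex(7) notation; every entry in that value is a DLL that lsass.exe loads at boot, which is why this family of infections adds its own DLL there. As an added example (not the helper's, ComboFix's or RSIT's code), the Python below decodes and re-encodes that notation and flags entries that are not on a known-good list; the allow-list and the "infected" sample value are my own assumptions/constructions, built from the file name the script deletes.

```python
"""Decode and check the LSA "Notification Packages" REG_MULTI_SZ value.

Added example for this thread, not code from ComboFix, RSIT or the helper.
KNOWN_GOOD and INFECTED_LINE are assumptions/constructed sample data.
"""
import re

# On Windows XP the default content of
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages is the
# single entry "scecli". Anything else is a DLL lsass.exe will load at boot.
# (Allow-list is an assumption for this example; extend it for your build.)
KNOWN_GOOD = {"scecli"}

# The value line exactly as it appears in the CFScript above.
CLEAN_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'

_HEX7 = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*hex\(7\):(?P<data>.*)$', re.S)


def parse_reg_multi_sz_line(text):
    """Return (value_name, raw_bytes) from a .reg / CFScript hex(7) line.

    Handles the backslash-newline continuation that regedit exports use.
    """
    joined = re.sub(r"\\\r?\n\s*", "", text.strip())
    m = _HEX7.match(joined)
    if not m:
        raise ValueError("not a hex(7) value line: %r" % text)
    data = m.group("data").strip().rstrip(",")
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    return m.group("name"), raw


def decode_multi_sz(raw):
    """Turn REG_MULTI_SZ bytes into a list of strings.

    REGEDIT4-style data (what the CFScript uses) is single-byte text;
    "Windows Registry Editor Version 5.00" exports are UTF-16-LE. The
    latter is recognised by its all-zero high bytes.
    """
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("cp1252")
    # Entries are NUL-terminated; the list ends with an extra NUL.
    return [s for s in text.split("\0") if s]


def encode_multi_sz(entries):
    """Inverse of decode_multi_sz in REGEDIT4 form, e.g. to build a fix script."""
    raw = "".join(e + "\0" for e in entries).encode("cp1252") + b"\0"
    return "hex(7):" + ",".join("%02x" % b for b in raw)


def unexpected_packages(entries, allowed=KNOWN_GOOD):
    """Entries not on the allow-list (case-insensitive): the ones to look at.

    Legitimate entries are bare module names resolved from system32; a full
    path such as the one constructed below is the classic sign of tampering.
    """
    allowed = {a.lower() for a in allowed}
    return [e for e in entries if e.lower() not in allowed]


def check_line(line, allowed=KNOWN_GOOD):
    """Parse one hex(7) line and return (name, entries, suspicious_entries)."""
    name, raw = parse_reg_multi_sz_line(line)
    entries = decode_multi_sz(raw)
    return name, entries, unexpected_packages(entries, allowed)


# Constructed sample: what the value looks like when a DLL named like the one
# the CFScript deletes has been appended. Not taken from the posted logs.
INFECTED_LINE = '"Notification Packages"=' + encode_multi_sz(
    ["scecli", r"c:\windows\system32\worujusu"])


if __name__ == "__main__":
    for label, line in (("CFScript value", CLEAN_LINE),
                        ("constructed infected value", INFECTED_LINE)):
        name, entries, bad = check_line(line)
        print("%-27s %s = %r -> %s" % (label, name, entries,
                                       "SUSPICIOUS %r" % bad if bad else "ok"))
```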


#12 DangerMom

DangerMom
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Location:Duncanville, Texas
  • Local time:02:27 AM

Posted 03 February 2009 - 02:03 PM

Latest ComboFix Log...


ComboFix 09-02-02.04 - Jeri Bolin 2009-02-03 12:48:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.261 [GMT -6:00]
Running from: c:\documents and settings\Jeri Bolin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeri Bolin\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\dituguwu.dll
c:\windows\system32\rorerilu.dll
c:\windows\system32\sajijade.dll
c:\windows\system32\worujusu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dituguwu.dll
c:\windows\system32\rorerilu.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 00:42 . 2009-02-03 00:42 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\ATI
2009-02-03 00:22 . 2006-05-03 11:57 520,192 --------- c:\windows\system32\ati2sgag.exe
2009-02-03 00:21 . 2009-02-03 00:22 <DIR> d-------- c:\program files\ATI Technologies
2009-02-03 00:20 . 2009-02-03 00:20 <DIR> d-------- C:\ATI
2009-02-02 16:41 . 2009-02-02 16:41 250 --a------ c:\windows\gmer.ini
2009-02-02 16:36 . 2009-02-02 16:37 <DIR> d-------- C:\rsit
2009-02-02 16:36 . 2009-02-03 00:09 <DIR> d-------- c:\program files\trend micro
2009-02-02 12:02 . 2009-02-02 12:02 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Malwarebytes
2009-02-02 12:02 . 2009-02-02 12:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 12:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 12:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-31 03:28 . 2009-01-31 03:28 28,233 --a------ c:\windows\system32\AAWService_2009_01_31_03_28_22.dmp
2009-01-31 03:26 . 2009-01-31 03:03 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-31 03:04 . 2009-01-31 03:04 23,003 --a------ c:\windows\system32\AAWService_2009_01_31_03_04_54.dmp
2009-01-31 03:03 . 2009-01-31 03:03 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-31 02:08 . 2009-01-31 02:09 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 21:44 . 2009-01-31 02:08 <DIR> d-------- c:\program files\Lavasoft
2009-01-26 17:09 . 2009-01-26 17:09 <DIR> d-------- c:\program files\directx
2009-01-25 03:14 . 2005-11-20 23:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-01-25 03:14 . 2005-11-20 23:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-01-24 22:47 . 2004-08-18 06:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-24 10:43 . 2009-01-24 10:43 1,466 --a------ c:\windows\X3D.INI
2009-01-24 10:39 . 2009-01-24 10:39 746 --a------ c:\windows\XaraX.INI
2009-01-24 10:37 . 2009-01-24 10:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Xara
2009-01-24 10:37 . 2003-10-17 13:03 876,544 --a------ c:\windows\system32\xaradocg.dll
2009-01-24 10:37 . 2003-10-14 14:49 253,952 --a------ c:\windows\system32\templop.dll
2009-01-24 10:37 . 2003-10-02 15:09 180,224 --a------ c:\windows\system32\xwsindex.exe
2009-01-24 10:37 . 2003-10-01 13:49 131,072 --a------ c:\windows\system32\BMPImporter.dll
2009-01-24 10:37 . 2003-10-17 13:03 126,976 --a------ c:\windows\system32\templman.dll
2009-01-24 10:37 . 2003-11-13 11:13 118,784 --a------ c:\windows\system32\xmupload.dll
2009-01-24 10:37 . 2003-05-19 15:18 86,016 --a------ c:\windows\system32\bincoder.dll
2009-01-24 10:37 . 2003-10-06 13:45 23,552 --a------ c:\windows\system32\xfontman.dll
2009-01-24 09:54 . 2001-07-26 22:04 405,563 --a------ c:\windows\system32\wbocx.ocx
2009-01-24 09:54 . 2000-05-26 09:17 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-24 09:54 . 2000-05-26 09:17 28,672 --a------ c:\windows\system32\wbhelper.exe
2009-01-24 09:54 . 2009-01-24 09:54 1 --a------ c:\windows\system32\mspwtbatchlinkdownloader.max
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\program files\FileOpen
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\FileOpen
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\FileOpen
2009-01-24 09:07 . 2009-01-24 09:07 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\InterVideo
2009-01-24 08:59 . 2009-01-24 09:02 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Free Download Manager
2009-01-24 08:37 . 2009-01-24 08:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-24 07:50 . 2009-01-24 07:50 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-22 13:42 . 2009-01-22 13:42 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-01-19 23:37 . 2009-01-19 23:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Gogii Games
2009-01-19 23:37 . 2009-01-19 23:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii Games
2009-01-15 04:25 . 2009-01-15 04:28 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\ICQ
2009-01-15 04:11 . 2009-01-15 04:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-05 16:33 . 2009-01-05 16:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-04 04:21 . 2009-01-04 04:21 <DIR> d-------- c:\program files\Trymedia
2009-01-03 09:28 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-03 06:35 . 2009-01-03 09:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\.housecall6.6
2009-01-03 05:43 . 2009-01-22 04:57 211 --a------ c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 23:51 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-28 02:42 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Vso
2009-01-27 06:59 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\uTorrent
2009-01-26 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 13:50 --------- d-----w c:\program files\Google
2009-01-20 05:19 --------- d-----w c:\program files\RealArcade
2009-01-15 10:21 --------- d-----w c:\program files\Yahoo!
2009-01-11 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-12-23 15:48 --------- d-----w c:\program files\Bonjour
2008-12-22 23:28 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\FLV Extract
2008-12-14 22:12 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Sierra Entertainment
2008-12-12 08:30 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Arcsoft
2008-12-12 08:30 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-12-08 23:47 --------- d-----w c:\documents and settings\Buddy\Application Data\funkitron
2008-12-08 23:28 --------- d-----w c:\documents and settings\Buddy\Application Data\Windows Search
2008-12-07 01:56 --------- d--h--w c:\program files\Zero G Registry
2008-12-07 01:32 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-07 01:32 --------- d-----w c:\program files\Java
2008-12-06 16:41 --------- d--h--r c:\documents and settings\Buddy\Application Data\yahoo!
2008-12-06 16:08 --------- d-----w c:\documents and settings\Buddy\Application Data\Windows Desktop Search
2008-05-17 11:07 47,360 -c--a-w c:\documents and settings\Jeri Bolin\Application Data\pcouffin.sys
2008-05-07 21:30 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2009-02-03_ 0.04.19.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-03 09:32:57 9,662 ----a-r c:\windows\Installer\{A2A78A4F-C655-48B5-B47F-0F3ADF708AF3}\controlPanelIcon.exe
+ 2009-02-03 09:32:57 10,134 ----a-r c:\windows\Installer\{A2A78A4F-C655-48B5-B47F-0F3ADF708AF3}\SystemFolder_msiexec.exe
+ 2009-02-03 06:24:24 9,158 ----a-r c:\windows\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\ARPPRODUCTICON.exe
+ 2009-02-03 06:24:24 9,158 ----a-r c:\windows\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut1_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-02-03 06:24:24 9,158 ----a-r c:\windows\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut2_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-02-03 06:24:24 9,158 ----a-r c:\windows\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut21_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-02-03 06:24:24 9,158 ----a-r c:\windows\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut22_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-02-03 06:24:24 9,158 ----a-r c:\windows\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut3_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-02-03 06:24:24 9,158 ----a-r c:\windows\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut5_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
- 2004-03-23 00:45:32 229,376 ----a-w c:\windows\system32\ati2cqag.dll
+ 2006-05-03 16:09:20 282,624 ----a-w c:\windows\system32\ati2cqag.dll
- 2004-03-23 02:00:16 201,728 ----a-w c:\windows\system32\ati2dvag.dll
+ 2006-05-03 16:51:00 258,048 ----a-w c:\windows\system32\ati2dvag.dll
- 2004-03-23 01:50:56 30,720 -c--a-w c:\windows\system32\ati2edxx.dll
+ 2006-05-03 16:45:06 41,984 ----a-w c:\windows\system32\ati2edxx.dll
- 2004-03-23 01:50:40 86,016 -c--a-w c:\windows\system32\ati2evxx.dll
+ 2006-05-03 16:44:54 61,440 ----a-w c:\windows\system32\ati2evxx.dll
- 2004-03-23 01:49:08 397,312 -c--a-w c:\windows\system32\ati2evxx.exe
+ 2006-05-03 16:43:46 413,696 ----a-w c:\windows\system32\ati2evxx.exe
- 2001-09-04 19:24:26 28,672 ----a-w c:\windows\system32\Ati2mdxx.exe
+ 2006-05-03 16:45:14 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
- 2004-03-23 01:38:38 1,888,992 ----a-w c:\windows\system32\ati3duag.dll
+ 2006-05-03 16:35:24 2,693,280 ----a-w c:\windows\system32\ati3duag.dll
- 2004-03-23 01:48:40 81,920 -c--a-w c:\windows\system32\ATIDDC.DLL
+ 2006-05-03 16:43:14 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
+ 2006-05-03 16:12:26 286,720 ----a-w c:\windows\system32\ATIDEMGR.dll
+ 2006-04-28 20:05:14 127,614 ----a-w c:\windows\system32\atiicdxx.dat
- 2004-03-23 04:15:04 294,912 -c--a-w c:\windows\system32\atiiiexx.dll
+ 2006-05-03 16:54:10 307,200 ----a-w c:\windows\system32\atiiiexx.dll
+ 2006-05-03 16:15:58 151,552 ----a-w c:\windows\system32\atikvmag.dll
+ 2006-05-03 16:21:20 6,684,672 ----a-w c:\windows\system32\atioglx1.dll
- 2004-03-23 02:38:24 6,189,056 ----a-w c:\windows\system32\atioglxx.dll
+ 2006-05-03 16:18:04 5,033,984 ----a-w c:\windows\system32\atioglxx.dll
- 2004-03-23 01:51:20 114,688 -c--a-w c:\windows\system32\atipdlxx.dll
+ 2006-05-03 16:45:34 114,688 ----a-w c:\windows\system32\atipdlxx.dll
- 2004-03-23 00:52:12 17,408 -c--a-w c:\windows\system32\atitvo32.dll
+ 2006-05-03 16:15:10 17,408 ----a-w c:\windows\system32\atitvo32.dll
- 2004-03-23 01:05:42 516,768 ----a-w c:\windows\system32\ativvaxx.dll
+ 2006-05-03 16:29:12 1,408,000 ----a-w c:\windows\system32\ativvaxx.dll
+ 2006-05-03 16:50:42 1,540,608 -c--a-w c:\windows\system32\dllcache\ati2mtag.sys
+ 2006-05-03 16:10:34 40,960 ----a-w c:\windows\system32\drivers\ati2erec.dll
- 2004-03-23 01:59:52 701,440 ----a-w c:\windows\system32\drivers\ati2mtag.sys
+ 2006-05-03 16:50:42 1,540,608 ----a-w c:\windows\system32\drivers\ati2mtag.sys
- 2004-03-23 01:51:06 102,400 -c--a-w c:\windows\system32\Oemdspif.dll
+ 2006-05-03 16:45:22 77,824 ----a-w c:\windows\system32\Oemdspif.dll
+ 2004-03-23 00:45:32 229,376 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2cqag.dll
+ 2004-03-23 02:00:16 201,728 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2dvag.dll
+ 2004-03-23 01:50:56 30,720 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2edxx.dll
+ 2004-03-23 01:50:40 86,016 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.dll
+ 2004-03-23 01:49:08 397,312 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.exe
+ 2001-09-04 19:24:26 28,672 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\Ati2mdxx.exe
+ 2004-03-23 01:59:52 701,440 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2mtag.sys
+ 2004-03-23 01:12:08 870,784 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati3d1ag.dll
+ 2004-03-23 01:24:22 1,057,760 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati3d2ag.dll
+ 2004-03-23 01:38:38 1,888,992 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati3duag.dll
+ 2004-03-23 01:48:40 81,920 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ATIDDC.DLL
+ 2004-03-23 04:15:04 294,912 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiiiexx.dll
+ 2004-03-23 02:38:24 6,189,056 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\atioglxx.dll
+ 2004-03-23 01:51:20 114,688 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\atipdlxx.dll
+ 2004-03-23 00:52:12 17,408 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\atitvo32.dll
+ 2001-11-09 14:01:04 24,064 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativcoxx.dll
+ 2004-03-23 01:05:42 516,768 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativvaxx.dll
+ 2004-03-23 01:51:06 102,400 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\Oemdspif.dll
+ 2006-10-08 20:51:00 383,818 ----a-w c:\windows\system32\sqlite3.dll
+ 2009-02-03 18:54:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1cc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"EPSON WorkForce 500 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE" [2008-02-21 188928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-31 509784]
"PWRISOVM.EXE"="e:\program files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CPMb7144415"="c:\windows\system32\zefirena.dll" [BU]
"bovuvamutu"="c:\windows\system32\gowodohe.dll" [BU]
"b4277789"="c:\windows\system32\guserohu.dll" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Buddy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-09 22:12 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=
"e:\\My Documents\\Buddy\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-31 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5615ea34-cf3a-11dd-87ae-806d6172696f}]
\Shell\AutoRun\command - F:\MTInstall.exe
\Shell\directx\command - f:\redist\directx8a\dxsetup.exe
\Shell\Gamespy\command - f:\redist\GameSpy\ArcadeInstallMTYCOON108c.exe
\Shell\setup\command - F:\MTInstall.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-03 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-31 03:03]

2009-01-18 c:\windows\Tasks\User_Feed_Synchronization-{AFB2FC53-83E0-4254-8E46-CC23A0D30B78}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9f4efc44-813e-43c6-bd7e-d0dabe914710} - (no file)
BHO-{abbb680d-5315-42d3-ad2b-66d771fb94ef} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeri Bolin\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: real.com\account
Trusted Zone: realarcade.com\www
Trusted Zone: torrentzilla.org
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://ghimireinc.serveftp.com/ActiveViewGUI.cab
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://ghimireinc.serveftp.com/ActiveView.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 12:54:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-02-03 13:01:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-03 19:01:26
ComboFix2.txt 2009-02-03 06:05:46

Pre-Run: 1,648,173,056 bytes free
Post-Run: 1,693,949,952 bytes free

302
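A triage pass over the lines in the logs above that a log reader checks first: rundll32 Run entries that load a DLL out of system32 through a one-letter export, Trusted Zone entries (wildcards especially), ActiveX CABs (O16/DPF) pulled from hosts that are not the usual vendors, and the two ComboFix registry lines showing the firewall off and Security Center update notifications silenced. This is an added example for the thread, not code from HijackThis, RSIT, ComboFix or the poster. The heuristics, the allowlist of CAB hosts and the dynamic-DNS suffix list are assumptions chosen for illustration, and the sample input is constructed from lines copied out of the logs above.

```python
"""Triage helper for HijackThis/RSIT O4, O15 and O16 lines plus two ComboFix
registry lines.  Added example for this thread: not code from HijackThis,
RSIT, ComboFix or the poster.  Every list and heuristic below is an assumption
chosen for illustration; a hit means "look here first", not "malicious"."""
import re
from urllib.parse import urlsplit

# Constructed sample input: lines copied from the logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CPMb7144415] Rundll32.exe "c:\windows\system32\zefirena.dll",a
O4 - HKLM\..\Run: [bovuvamutu] Rundll32.exe "C:\WINDOWS\system32\gowodohe.dll",s
O4 - HKLM\..\Run: [b4277789] rundll32.exe "C:\WINDOWS\system32\guserohu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://www.realarcade.com
O15 - Trusted Zone: http://*.torrentzilla.org
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://ghimireinc.serveftp.com/ActiveViewGUI.cab
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
"EnableFirewall"= 0 (0x0)
"UpdatesDisableNotify"=dword:00000001
"""

# Assumed allowlist of hosts that legitimately serve ActiveX CABs here.
KNOWN_CAB_HOSTS = ("microsoft.com", "trendmicro.com", "myspace.com")
# Assumed dynamic-DNS suffixes; throwaway CAB hosts are often parked on these.
DYNDNS_SUFFIXES = ("serveftp.com", "no-ip.org", "dyndns.org")
# ComboFix "Reg Loading Points" lines worth flagging, matched by prefix.
COMBOFIX_FLAGS = {
    '"EnableFirewall"= 0': ("high", "Windows Firewall disabled (standard profile)"),
    '"UpdatesDisableNotify"=dword:00000001': ("review", "Security Center update notifications silenced"),
}

ENTRY_RE = re.compile(r"^(?P<sec>O\d+) - (?P<rest>.*)$")
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)$', re.I)
O15_RE = re.compile(r"^Trusted Zone: (?P<pattern>\S+)$")
O16_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \([^)]*\) - (?P<url>\S+)$")


def _host_matches(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def _check_o4(rest):
    m = O4_RE.match(rest)
    r = RUNDLL_RE.match(m.group("cmd").strip()) if m else None
    if not r:
        return None  # plain EXE autostart or unparsed line: nothing to say here
    dll, export = r.group("dll"), r.group("export")
    if re.search(r"\\system32\\[^\\]+$", dll, re.I) and len(export) == 1:
        return ("high", "rundll32 loads a system32 DLL via a one-letter export: " + dll)
    return ("review", "rundll32 autostart: %s,%s" % (dll, export))


def _check_o15(rest):
    m = O15_RE.match(rest)
    if not m:
        return None
    pat = m.group("pattern")
    return ("high" if "*" in pat else "review", "Trusted Zone entry: " + pat)


def _check_o16(rest):
    m = O16_RE.match(rest)
    if not m:
        return None
    url = m.group("url")
    host = (urlsplit(url).hostname or "").lower()
    if _host_matches(host, DYNDNS_SUFFIXES):
        return ("high", "ActiveX CAB served from a dynamic-DNS host: " + url)
    if not _host_matches(host, KNOWN_CAB_HOSTS):
        return ("review", "ActiveX CAB from a host outside the allowlist: " + url)
    return None


def _check_combofix(line):
    for prefix, verdict in COMBOFIX_FLAGS.items():
        if line.startswith(prefix):
            return verdict
    return None


CHECKS = {"O4": _check_o4, "O15": _check_o15, "O16": _check_o16}


def triage(log_text):
    """Return one finding dict per flagged line: severity, section, reason, line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = m.group("sec")
            check = CHECKS.get(section)
            verdict = check(m.group("rest")) if check else None
        else:
            section, verdict = "reg", _check_combofix(line)
        if verdict:
            findings.append({"severity": verdict[0], "section": section,
                             "reason": verdict[1], "line": line})
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f["severity"]):
        print("%-6s %-3s %s" % (f["severity"].upper(), f["section"], f["reason"]))
```

On the sample it reports the three rundll32 Run entries, the wildcard Trusted Zone, the CAB from the dynamic-DNS host and the disabled firewall as high, and the remaining Trusted Zone and DPF entries plus the silenced update notifications as review; the IntelliPoint, ctfmon and MySpace lines produce nothing. Heuristics like these only narrow the list: whether a flagged file exists on disk, is signed, and what its hash resolves to still decides.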

#13 DangerMom

Posted 03 February 2009 - 02:05 PM

Latest RSIT Log...


Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeri Bolin at 2009-02-03 13:04:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (11%) free of 14 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:18 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jeri Bolin\Desktop\RSIT.exe
C:\Program Files\trend micro\Jeri Bolin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\New RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CPMb7144415] Rundll32.exe "c:\windows\system32\zefirena.dll",a
O4 - HKLM\..\Run: [bovuvamutu] Rundll32.exe "C:\WINDOWS\system32\gowodohe.dll",s
O4 - HKLM\..\Run: [b4277789] rundll32.exe "C:\WINDOWS\system32\guserohu.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\WINDOWS\TEMP\E_SB4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeri Bolin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\My Documents\Buddy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\My Documents\Buddy\ICQ6.5\ICQ.exe
O15 - Trusted Zone: http://www.realarcade.com
O15 - Trusted Zone: http://*.torrentzilla.org
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://ghimireinc.serveftp.com/ActiveViewGUI.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210135733452
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://ghimireinc.serveftp.com/ActiveView.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8796 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{AFB2FC53-83E0-4254-8E46-CC23A0D30B78}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - E:\Program Files\Real\New RealPlayer\rpbrowserrecordplugin.dll [2008-05-09 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-01 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-06 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88361]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-31 509784]
"PWRISOVM.EXE"=E:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"CPMb7144415"=c:\windows\system32\zefirena.dll []
"bovuvamutu"=C:\WINDOWS\system32\gowodohe.dll []
"b4277789"=C:\WINDOWS\system32\guserohu.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"EPSON WorkForce 500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE [2008-02-21 188928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-09 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="E:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Java\jre6\bin\jqs.exe"="C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs"
"C:\WINDOWS\system32\searchindexer.exe"="C:\WINDOWS\system32\searchindexer.exe:*:Enabled:SearchIndexer"
"E:\My Documents\Buddy\ICQ6.5\ICQ.exe"="E:\My Documents\Buddy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5615ea34-cf3a-11dd-87ae-806d6172696f}]
shell\AutoRun\command - F:\MTInstall.exe
shell\directx\command - F:\Redist\directx8a\dxsetup.exe
shell\Gamespy\command - F:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe
shell\setup\command - F:\MTInstall.exe


======File associations======

.js - open - "E:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----N---- C:\WINDOWS\system32\hetisote.dll_old
2009-02-03 13:01:31 ----A---- C:\ComboFix.txt
2009-02-03 12:52:07 ----D---- C:\WINDOWS\temp
2009-02-03 00:42:33 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\ATI
2009-02-03 00:22:10 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-02-03 00:21:19 ----D---- C:\Program Files\ATI Technologies
2009-02-03 00:20:41 ----D---- C:\ATI
2009-02-02 23:52:26 ----A---- C:\Boot.bak
2009-02-02 23:52:17 ----RASHD---- C:\cmdcons
2009-02-02 23:50:07 ----A---- C:\WINDOWS\zip.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\VFIND.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\SWSC.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\SWREG.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\sed.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\grep.exe
2009-02-02 23:50:07 ----A---- C:\WINDOWS\fdsv.exe
2009-02-02 23:49:58 ----D---- C:\WINDOWS\ERDNT
2009-02-02 23:49:58 ----D---- C:\Qoobox
2009-02-02 16:41:46 ----A---- C:\WINDOWS\gmer.ini
2009-02-02 16:41:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-02 16:41:45 ----A---- C:\WINDOWS\gmer.dll
2009-02-02 16:41:44 ----A---- C:\WINDOWS\gmer.exe
2009-02-02 16:36:54 ----D---- C:\rsit
2009-02-02 16:36:54 ----D---- C:\Program Files\trend micro
2009-02-02 12:02:47 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Malwarebytes
2009-02-02 12:02:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-31 03:26:36 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-01-31 02:08:59 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 21:44:39 ----D---- C:\Program Files\Lavasoft
2009-01-26 17:09:04 ----D---- C:\Program Files\directx
2009-01-25 03:14:31 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2009-01-24 22:47:09 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-01-24 10:43:14 ----A---- C:\WINDOWS\X3D.INI
2009-01-24 10:39:26 ----A---- C:\WINDOWS\XaraX.INI
2009-01-24 10:37:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Xara
2009-01-24 10:37:56 ----A---- C:\WINDOWS\system32\xwsindex.exe
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xmupload.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xfontman.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\xaradocg.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\BMPImporter.dll
2009-01-24 10:37:55 ----A---- C:\WINDOWS\system32\bincoder.dll
2009-01-24 10:37:53 ----A---- C:\WINDOWS\system32\templop.dll
2009-01-24 10:37:53 ----A---- C:\WINDOWS\system32\templman.dll
2009-01-24 09:54:51 ----A---- C:\WINDOWS\system32\wbhelper.exe
2009-01-24 09:54:50 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2009-01-24 09:50:31 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FileOpen
2009-01-24 09:50:31 ----D---- C:\Documents and Settings\All Users\Application Data\FileOpen
2009-01-24 09:50:18 ----D---- C:\Program Files\FileOpen
2009-01-24 09:07:08 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\InterVideo
2009-01-24 08:59:31 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Free Download Manager
2009-01-24 08:37:56 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-24 07:50:47 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-01-22 13:42:54 ----D---- C:\Program Files\Free Offers from Freeze.com
2009-01-19 23:37:43 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Gogii Games
2009-01-19 23:37:43 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii Games
2009-01-15 04:25:50 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\ICQ
2009-01-15 04:11:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-04 04:21:49 ----D---- C:\Program Files\Trymedia
2009-01-03 05:43:57 ----A---- C:\WINDOWS\wininit.ini
2008-12-22 22:07:33 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-22 17:25:38 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FLV Extract
2008-12-14 18:57:01 ----A---- C:\WINDOWS\DASShp.dll
2008-12-14 16:12:34 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Sierra Entertainment
2008-12-14 16:09:14 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-14 16:09:13 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-14 16:09:04 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-14 16:09:04 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-14 16:09:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-14 16:09:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-14 16:09:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-14 16:09:01 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-14 16:09:00 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-14 16:08:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-10 09:52:32 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-12-06 19:48:48 ----HD---- C:\Program Files\Zero G Registry
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 19:32:25 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 19:32:09 ----D---- C:\Program Files\Java
2008-12-06 18:25:23 ----D---- C:\WINDOWS\Minidump
2008-12-06 18:18:37 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-06 10:08:04 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-06 03:17:30 ----A---- C:\WINDOWS\dvdSanta.INI
2008-12-06 02:22:02 ----D---- C:\TempDVD
2008-12-06 02:22:02 ----D---- C:\dvdsanta
2008-11-14 12:23:26 ----HD---- C:\WINDOWS\PIF
2008-11-13 23:22:52 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Windows Search
2008-11-13 05:07:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\FileZilla
2008-11-13 01:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-13 00:09:43 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-09 13:36:09 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Windows Desktop Search
2008-11-09 13:34:13 ----D---- C:\Program Files\Windows Desktop Search
2008-11-09 13:34:12 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-11-09 13:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-11-09 13:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-11-05 11:58:10 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Yahoo!
2008-11-05 11:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

======List of files/folders modified in the last 3 months======

2009-02-03 13:04:14 ----D---- C:\WINDOWS\Prefetch
2009-02-03 13:01:38 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 13:01:38 ----D---- C:\WINDOWS\system32
2009-02-03 13:01:36 ----D---- C:\WINDOWS
2009-02-03 12:59:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-03 12:54:43 ----A---- C:\WINDOWS\system.ini
2009-02-03 12:51:42 ----D---- C:\Program Files\Common Files
2009-02-03 12:51:41 ----D---- C:\WINDOWS\AppPatch
2009-02-03 12:48:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-03 03:33:01 ----SHD---- C:\WINDOWS\Installer
2009-02-03 00:44:16 ----D---- C:\WINDOWS\system32\config
2009-02-03 00:42:28 ----SD---- C:\Documents and Settings\Jeri Bolin\Application Data\Microsoft
2009-02-03 00:21:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-03 00:21:29 ----HD---- C:\WINDOWS\inf
2009-02-03 00:21:19 ----RD---- C:\Program Files
2009-02-02 23:52:26 ----RASH---- C:\boot.ini
2009-02-02 01:58:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-31 03:03:54 ----SD---- C:\WINDOWS\Tasks
2009-01-31 03:03:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-31 02:08:37 ----D---- C:\WINDOWS\WinSxS
2009-01-30 15:25:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-27 20:42:38 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Vso
2009-01-27 20:11:42 ----D---- C:\WINDOWS\pss
2009-01-27 20:11:42 ----A---- C:\WINDOWS\win.ini
2009-01-27 16:15:13 ----D---- C:\WINDOWS\Help
2009-01-27 00:59:59 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\uTorrent
2009-01-26 17:52:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-24 07:50:34 ----D---- C:\Program Files\Google
2009-01-19 23:19:53 ----D---- C:\Program Files\RealArcade
2009-01-15 04:21:18 ----D---- C:\Program Files\Yahoo!
2009-01-11 07:35:06 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2009-01-06 02:40:40 ----D---- C:\WINDOWS\repair
2009-01-06 02:40:14 ----D---- C:\WINDOWS\Registration
2009-01-03 09:37:05 ----D---- C:\Program Files\Internet Explorer
2008-12-28 00:30:26 ----A---- C:\WINDOWS\AviSplitter.INI
2008-12-23 09:48:12 ----D---- C:\Program Files\Bonjour
2008-12-22 22:03:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 23:21:25 ----D---- C:\WINDOWS\system
2008-12-18 20:26:07 ----D---- C:\WINDOWS\system32\DirectX
2008-12-18 20:26:06 ----RSD---- C:\WINDOWS\assembly
2008-12-14 18:57:03 ----RSD---- C:\WINDOWS\Fonts
2008-12-14 16:09:07 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-14 16:05:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-12 02:30:18 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2008-12-12 02:30:15 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Arcsoft
2008-12-06 10:07:44 ----D---- C:\Documents and Settings
2008-11-13 01:34:42 ----D---- C:\Documents and Settings\Jeri Bolin\Application Data\Adobe
2008-11-13 00:58:00 ----D---- C:\Program Files\Common Files\Adobe
2008-11-13 00:57:24 ----D---- C:\Program Files\Adobe
2008-11-12 15:22:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-09 13:34:33 ----A---- C:\WINDOWS\imsins.BAK
2008-11-09 13:34:20 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-09 13:34:15 ----D---- C:\WINDOWS\system32\en-us
2008-11-09 13:34:12 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2007-06-16 31616]
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-07-22 1268234]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-01-23 97216]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-17 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-17 578752]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys [2007-11-13 34304]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-31 950096]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-07-03 109056]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:27 PM

Posted 03 February 2009 - 09:38 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\zefirena.dll
C:\WINDOWS\system32\gowodohe.dll
C:\WINDOWS\system32\guserohu.dll
C:\WINDOWS\system32\hetisote.dll_old

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPMb7144415"=-
"bovuvamutu"=-
"b4277789"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 DangerMom

DangerMom
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Location:Duncanville, Texas
  • Local time:02:27 AM

Posted 04 February 2009 - 08:01 AM

Here we go again...

ComboFix Log...


ComboFix 09-02-03.01 - Jeri Bolin 2009-02-04 6:30:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.180 [GMT -6:00]
Running from: c:\documents and settings\Jeri Bolin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeri Bolin\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\gowodohe.dll
c:\windows\system32\guserohu.dll
c:\windows\system32\hetisote.dll_old
c:\windows\system32\zefirena.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hetisote.dll_old

.
((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-03 00:42 . 2009-02-03 00:42 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\ATI
2009-02-03 00:22 . 2006-05-03 11:57 520,192 --------- c:\windows\system32\ati2sgag.exe
2009-02-03 00:21 . 2009-02-03 00:22 <DIR> d-------- c:\program files\ATI Technologies
2009-02-03 00:20 . 2009-02-03 00:20 <DIR> d-------- C:\ATI
2009-02-02 16:41 . 2009-02-02 16:41 250 --a------ c:\windows\gmer.ini
2009-02-02 16:36 . 2009-02-02 16:37 <DIR> d-------- C:\rsit
2009-02-02 16:36 . 2009-02-03 13:04 <DIR> d-------- c:\program files\trend micro
2009-02-02 12:02 . 2009-02-02 12:02 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Malwarebytes
2009-02-02 12:02 . 2009-02-02 12:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 12:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 12:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-31 03:28 . 2009-01-31 03:28 28,233 --a------ c:\windows\system32\AAWService_2009_01_31_03_28_22.dmp
2009-01-31 03:26 . 2009-01-31 03:03 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-31 03:04 . 2009-01-31 03:04 23,003 --a------ c:\windows\system32\AAWService_2009_01_31_03_04_54.dmp
2009-01-31 03:03 . 2009-01-31 03:03 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-31 02:08 . 2009-01-31 02:09 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 21:44 . 2009-01-31 02:08 <DIR> d-------- c:\program files\Lavasoft
2009-01-26 17:09 . 2009-01-26 17:09 <DIR> d-------- c:\program files\directx
2009-01-25 03:14 . 2005-11-20 23:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-01-25 03:14 . 2005-11-20 23:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-01-24 22:47 . 2004-08-18 06:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-24 10:43 . 2009-01-24 10:43 1,466 --a------ c:\windows\X3D.INI
2009-01-24 10:39 . 2009-01-24 10:39 746 --a------ c:\windows\XaraX.INI
2009-01-24 10:37 . 2009-01-24 10:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Xara
2009-01-24 10:37 . 2003-10-17 13:03 876,544 --a------ c:\windows\system32\xaradocg.dll
2009-01-24 10:37 . 2003-10-14 14:49 253,952 --a------ c:\windows\system32\templop.dll
2009-01-24 10:37 . 2003-10-02 15:09 180,224 --a------ c:\windows\system32\xwsindex.exe
2009-01-24 10:37 . 2003-10-01 13:49 131,072 --a------ c:\windows\system32\BMPImporter.dll
2009-01-24 10:37 . 2003-10-17 13:03 126,976 --a------ c:\windows\system32\templman.dll
2009-01-24 10:37 . 2003-11-13 11:13 118,784 --a------ c:\windows\system32\xmupload.dll
2009-01-24 10:37 . 2003-05-19 15:18 86,016 --a------ c:\windows\system32\bincoder.dll
2009-01-24 10:37 . 2003-10-06 13:45 23,552 --a------ c:\windows\system32\xfontman.dll
2009-01-24 09:54 . 2001-07-26 22:04 405,563 --a------ c:\windows\system32\wbocx.ocx
2009-01-24 09:54 . 2000-05-26 09:17 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-24 09:54 . 2000-05-26 09:17 28,672 --a------ c:\windows\system32\wbhelper.exe
2009-01-24 09:54 . 2009-01-24 09:54 1 --a------ c:\windows\system32\mspwtbatchlinkdownloader.max
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\program files\FileOpen
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\FileOpen
2009-01-24 09:50 . 2009-01-24 09:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\FileOpen
2009-01-24 09:07 . 2009-01-24 09:07 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\InterVideo
2009-01-24 08:59 . 2009-01-24 09:02 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Free Download Manager
2009-01-24 08:37 . 2009-01-24 08:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-24 07:50 . 2009-01-24 07:50 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-22 13:42 . 2009-01-22 13:42 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-01-19 23:37 . 2009-01-19 23:37 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\Gogii Games
2009-01-19 23:37 . 2009-01-19 23:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii Games
2009-01-15 04:25 . 2009-01-15 04:28 <DIR> d-------- c:\documents and settings\Jeri Bolin\Application Data\ICQ
2009-01-15 04:11 . 2009-01-15 04:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-05 16:33 . 2009-01-05 16:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-04 04:21 . 2009-01-04 04:21 <DIR> d-------- c:\program files\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 02:42 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Vso
2009-01-27 06:59 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\uTorrent
2009-01-26 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 13:50 --------- d-----w c:\program files\Google
2009-01-20 05:19 --------- d-----w c:\program files\RealArcade
2009-01-15 10:21 --------- d-----w c:\program files\Yahoo!
2009-01-11 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-12-23 15:48 --------- d-----w c:\program files\Bonjour
2008-12-22 23:28 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\FLV Extract
2008-12-14 22:12 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Sierra Entertainment
2008-12-12 08:30 --------- d-----w c:\documents and settings\Jeri Bolin\Application Data\Arcsoft
2008-12-12 08:30 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
2008-12-08 23:47 --------- d-----w c:\documents and settings\Buddy\Application Data\funkitron
2008-12-08 23:28 --------- d-----w c:\documents and settings\Buddy\Application Data\Windows Search
2008-12-07 01:56 --------- d--h--w c:\program files\Zero G Registry
2008-12-07 01:32 --------- d-----w c:\program files\Java
2008-12-06 16:41 --------- d--h--r c:\documents and settings\Buddy\Application Data\yahoo!
2008-12-06 16:08 --------- d-----w c:\documents and settings\Buddy\Application Data\Windows Desktop Search
2008-05-17 11:07 47,360 -c--a-w c:\documents and settings\Jeri Bolin\Application Data\pcouffin.sys
2008-05-07 21:30 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot_2009-02-03_13.00.10.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-04 12:49:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"EPSON WorkForce 500 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE" [2008-02-21 188928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-31 509784]
"PWRISOVM.EXE"="e:\program files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 c:\windows\AGRSMMSG.exe]

c:\documents and settings\Buddy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-09 22:12 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=
"e:\\My Documents\\Buddy\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-31 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5615ea34-cf3a-11dd-87ae-806d6172696f}]
\Shell\AutoRun\command - F:\MTInstall.exe
\Shell\directx\command - f:\redist\directx8a\dxsetup.exe
\Shell\Gamespy\command - f:\redist\GameSpy\ArcadeInstallMTYCOON108c.exe
\Shell\setup\command - F:\MTInstall.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-31 03:03]

2009-01-18 c:\windows\Tasks\User_Feed_Synchronization-{AFB2FC53-83E0-4254-8E46-CC23A0D30B78}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9f4efc44-813e-43c6-bd7e-d0dabe914710} - (no file)
BHO-{abbb680d-5315-42d3-ad2b-66d771fb94ef} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jeri Bolin\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: real.com\account
Trusted Zone: realarcade.com\www
Trusted Zone: torrentzilla.org
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://ghimireinc.serveftp.com/ActiveViewGUI.cab
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://ghimireinc.serveftp.com/ActiveView.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 06:52:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2009-02-04 6:56:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-04 12:56:04
ComboFix2.txt 2009-02-03 19:01:31
ComboFix3.txt 2009-02-03 06:05:46

Pre-Run: 1,634,926,592 bytes free
Post-Run: 1,643,003,904 bytes free

228