
Adware.Virtumonde and Agent.100 Trojan


14 replies to this topic

#1 white russian

white russian

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:29 AM

Posted 12 February 2009 - 09:21 PM

I have some sort of trojan on my pc - the main effect is that I get unwanted pop-ups while browsing, even though I have a pop-up blocker. Performance has been impacted as well. I purchased the Kaspersky software and it found quite a few problems and seems to have cleared some, however the trojan problem persists. I downloaded the evaluation copy of Trojan Hunter and ran it - it returned the following message after a scan:

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (matches Adware.Virtumonde.193)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (matches Adware.Virtumonde.193)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (matches Adware.Virtumonde.200)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (matches Adware.Virtumonde.200)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (matches Agent.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (matches Agent.100)

Trojan Hunter will not clear anything unless I buy their software. I am reluctant to do so because I am uncertain that it will be able to clear it. So then I downloaded HiJackThis, which led me to generating a report, which led me to this forum. I have periodically run ccleaner as well to clear up the registry. I looked at the startup items using the Startup Control Panel applet and disabled the ones that appeared unnecessary. I did find some that seemed to not belong and could find little information on - these are listed amongst the items on the HKLM / Run tab:

name: 90c1020b, path: rundll32.exe "C:\WINDOWS\system32\zaputesu.dll",b
name: CPM93f23197, path: Rundll32.exe "c:\windows\system32\gizibena.dll",a
name: rohigisama, path: Rundll32.exe "C:\WINDOWS\system32\sivuferi.dll",s

I disabled all three using the Startup Control Panel applet and restarted. After the restart, I looked at the control panel again and found that the CPM93f23197 and rohigisama entries now have one listed that is unchecked and a new identical line that is checked.

Next I followed the directions for generating the dds log and the text file to attach. Thank you in advance for any assistance you can provide.


The dds log is as follows:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Family at 17:51:49.51 on Thu 02/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1917 [GMT -8:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
E:\ALL PROGRAMS INSTALLED\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\rundll32.exe
E:\ALL PROGRAMS INSTALLED\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\ALL PROGRAMS INSTALLED\firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Documents and Settings\Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?rs=1
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - e:\all programs installed\snag it 7.0\snagit 7\SnagItBHO.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {59776df8-5c8f-4bca-e5a4-378d128c1595}: {5951c821-d873-4a5e-acb4-f8c58fd67795} - c:\windows\system32\vctkay.dll
BHO: {609d1be3-f970-428e-9ea1-446b1e2969b1} - c:\windows\system32\yojuyala.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {C568B2DE-6B81-4992-AC24-AD8740FEB0D8} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - e:\all programs installed\snag it 7.0\snagit 7\SnagItIEAddin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\all programs installed\creative suite 3\/Adobe Contribute CS3/contributeieplugin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - e:\allpro~1\office~1\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Acrobat Assistant 8.0] "e:\all programs installed\adobe acrobat 8\acrobat\Acrotray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Zune Launcher] "e:\all programs installed\zune\ZuneLauncher.exe"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [THGuard] "e:\all programs installed\trojanhunter 5.0\THGuard.exe"
mRun: [CPM93f23197] Rundll32.exe "c:\windows\system32\gizibena.dll",a
mRun: [rohigisama] Rundll32.exe "c:\windows\system32\sivuferi.dll",s
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Append to existing PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\all programs installed\adobe acrobat 8\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\allpro~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\allpro~1\office~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\allpro~1\office~1\office12\REFIEBAR.DLL
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205470030218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\all programs installed\office 2007\office12\GrooveSystemServices.dll
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: yayvWpom - yayvWpom.dll
AppInit_DLLs: kvozfx.dll ypvcxv.dll c:\progra~1\kasper~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll c:\windows\system32\wahemoyu.dll c:\windows\system32\gizibena.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gizibena.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\gizibena.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\all programs installed\office 2007\office12\GrooveShellExtensions.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGywVME
LSA: Notification Packages = scecli c:\windows\system32\wahemoyu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\family\applic~1\mozilla\firefox\profiles\q2e42d22.default\
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: e:\all programs installed\adobe acrobat 8\acrobat\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-1-26 213520]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 206088]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\drivers\USB100M.SYS [2008-3-13 27519]

=============== Created Last 30 ================

2009-02-12 16:45 81,920 a------- c:\windows\system32\Startup.cpl
2009-02-12 08:38 1,535,970 ---sh--- c:\windows\system32\usetupaz.ini
2009-02-12 08:38 144,093 a--sh--- c:\windows\system32\ghuykp.dll
2009-02-11 20:38 1,656,090 ---sh--- c:\windows\system32\itovodot.ini
2009-02-11 20:37 143,031 a--sh--- c:\windows\system32\pktcmn.dll
2009-02-11 08:37 143,189 a--sh--- c:\windows\system32\hwmwgl.dll
2009-02-11 08:37 1,656,090 ---sh--- c:\windows\system32\akuyaral.ini
2009-02-10 20:37 1,648,524 ---sh--- c:\windows\system32\abasotiz.ini
2009-02-10 20:37 140,924 a--sh--- c:\windows\system32\ezlkrd.dll
2009-02-10 20:37 2,713 ---sh--- c:\windows\system32\musesiwo.dll
2009-02-10 08:37 142,958 a--sh--- c:\windows\system32\appdqh.dll
2009-02-10 08:37 1,648,524 ---sh--- c:\windows\system32\aresayum.ini
2009-02-09 18:13 2,713 ---sh--- c:\windows\system32\gafilumu.dll
2009-02-09 18:13 1,640,608 ---sh--- c:\windows\system32\ehojobop.ini
2009-02-09 18:12 142,076 a--sh--- c:\windows\system32\vctkay.dll
2009-02-08 09:25 1,640,608 ---sh--- c:\windows\system32\ezadopub.ini
2009-02-08 09:25 2,713 ---sh--- c:\windows\system32\wasefotu.dll
2009-02-08 09:25 140,381 a--sh--- c:\windows\system32\xbtpji.dll
2009-02-07 21:25 1,634,237 ---sh--- c:\windows\system32\ezusohay.ini
2009-02-07 21:25 140,582 a--sh--- c:\windows\system32\mvictz.dll
2009-02-07 09:25 1,634,246 ---sh--- c:\windows\system32\ezehumul.ini
2009-02-07 09:24 141,936 a--sh--- c:\windows\system32\gijfxq.dll
2009-02-06 10:01 1,624,160 ---sh--- c:\windows\system32\iledagoz.ini
2009-02-06 09:19 2,713 ---sh--- c:\windows\system32\neletato.dll
2009-02-06 09:18 141,982 a--sh--- c:\windows\system32\ycgfaa.dll
2009-02-06 01:01 142,639 a--sh--- c:\windows\system32\suzqhz.dll
2009-02-05 13:07 1,622,634 ---sh--- c:\windows\system32\evofewew.ini
2009-02-05 13:01 142,647 a--sh--- c:\windows\system32\ruicoi.dll
2009-02-04 23:19 142,559 a--sh--- c:\windows\system32\bmttes.dll
2009-02-04 23:19 1,660,914 ---sh--- c:\windows\system32\atesokeg.ini
2009-02-04 11:19 142,549 a--sh--- c:\windows\system32\keqdfz.dll
2009-02-04 11:19 1,660,914 ---sh--- c:\windows\system32\otowiyuh.ini
2009-02-03 23:19 133,740 a--sh--- c:\windows\system32\gmnfrn.dll
2009-02-03 11:19 133,880 a--sh--- c:\windows\system32\cyjwhx.dll
2009-02-03 11:19 1,646,354 ---sh--- c:\windows\system32\arudigim.ini
2009-02-02 23:18 133,885 a--sh--- c:\windows\system32\iqgkqa.dll
2009-02-02 23:18 1,624,041 ---sh--- c:\windows\system32\oyenopag.ini
2009-02-02 22:18 1,624,041 ---sh--- c:\windows\system32\apakazoy.ini
2009-02-02 22:18 134,449 a--sh--- c:\windows\system32\knqrrf.dll
2009-02-02 10:18 1,624,041 ---sh--- c:\windows\system32\onisoyov.ini
2009-02-02 10:18 134,487 a--sh--- c:\windows\system32\qnvtyz.dll
2009-02-01 22:18 135,448 a--sh--- c:\windows\system32\cltzic.dll
2009-02-01 22:18 1,463,187 ---sh--- c:\windows\system32\ubezifit.ini
2009-02-01 10:18 1,463,187 ---sh--- c:\windows\system32\imawekiv.ini
2009-02-01 10:18 135,354 a--sh--- c:\windows\system32\gggcaw.dll
2009-02-01 09:17 1,463,187 ---sh--- c:\windows\system32\usayojis.ini
2009-01-31 21:17 1,463,187 ---sh--- c:\windows\system32\uruwotoz.ini
2009-01-31 21:17 2,713 ---sh--- c:\windows\system32\pifotamo.dll
2009-01-31 21:17 135,406 a--sh--- c:\windows\system32\ptwdtg.dll
2009-01-31 16:50 36,352 a------- c:\windows\system32\awttsSkh.dll
2009-01-31 16:50 36,352 a------- c:\windows\system32\efcDVmLb.dll
2009-01-31 09:17 1,463,187 ---sh--- c:\windows\system32\utizamiy.ini
2009-01-31 09:17 0 a------- c:\windows\system32\ukanedep.tmp
2009-01-31 09:17 2,713 ---sh--- c:\windows\system32\zibipudo.dll
2009-01-31 09:17 135,256 a--sh--- c:\windows\system32\wgmilb.dll
2009-01-30 21:17 1,463,196 ---sh--- c:\windows\system32\ukanedep.ini
2009-01-30 21:17 135,281 a--sh--- c:\windows\system32\hvvefy.dll
2009-01-30 09:16 135,246 a--sh--- c:\windows\system32\rehqej.dll
2009-01-30 09:16 1,463,187 ---sh--- c:\windows\system32\umidomav.ini
2009-01-29 20:15 1,463,190 ---sh--- c:\windows\system32\umarobom.ini
2009-01-29 20:15 135,390 a--sh--- c:\windows\system32\xordge.dll
2009-01-29 09:05 133,445 a------- c:\windows\system32\fjekei.dll
2009-01-29 08:14 1,463,190 ---sh--- c:\windows\system32\ipahidud.ini
2009-01-28 20:14 135,413 a--sh--- c:\windows\system32\zndohw.dll
2009-01-28 20:14 1,463,190 ---sh--- c:\windows\system32\ilowoyuw.ini
2009-01-28 20:14 2,713 ---sh--- c:\windows\system32\yegawogo.dll
2009-01-28 08:14 1,463,208 ---sh--- c:\windows\system32\imijuseh.ini
2009-01-28 08:14 133,408 a--sh--- c:\windows\system32\doviqt.dll
2009-01-27 20:14 1,464,327 ---sh--- c:\windows\system32\ejikegag.ini
2009-01-27 20:14 133,317 a--sh--- c:\windows\system32\dpfbvq.dll
2009-01-26 22:27 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-01-26 22:27 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-01-26 22:26 <DIR> --d----- c:\program files\Kaspersky Lab
2009-01-26 22:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-01-26 21:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-01-26 19:26 36,352 a------- c:\windows\system32\wvUooPHB.dll
2009-01-26 15:47 1,462,525 ---sh--- c:\windows\system32\ogoruweh.ini
2009-01-26 15:47 142,071 a--sh--- c:\windows\system32\rsaxad.dll
2009-01-26 13:59 140,916 a--sh--- c:\windows\system32\vhezvb.dll
2009-01-26 07:13 36,352 a------- c:\windows\system32\awtUolLF.dll
2009-01-26 07:13 36,352 a------- c:\windows\system32\qoMGWPfg.dll
2009-01-26 01:59 1,384,658 ---sh--- c:\windows\system32\alefuzeg.ini
2009-01-26 01:59 134,436 a--sh--- c:\windows\system32\xoaluz.dll
2009-01-25 13:58 1,646,354 ---sh--- c:\windows\system32\anuvubij.ini
2009-01-25 01:58 134,268 a--sh--- c:\windows\system32\yzavjf.dll
2009-01-25 01:58 1,384,676 ---sh--- c:\windows\system32\amuwuloh.ini
2009-01-24 21:41 36,864 a------- c:\windows\system32\opnlJBuS.dll
2009-01-24 21:41 36,864 a------- c:\windows\system32\urqNFyAS.dll
2009-01-24 13:59 1,384,676 ---sh--- c:\windows\system32\orufujud.ini
2009-01-24 12:12 36,864 a------- c:\windows\system32\efcCrsRh.dll
2009-01-24 12:12 36,864 a------- c:\windows\system32\vtUOEuVO.dll
2009-01-24 01:59 1,384,649 ---sh--- c:\windows\system32\ayisalup.ini
2009-01-23 13:57 134,378 a--sh--- c:\windows\system32\qjeuvg.dll
2009-01-22 18:56 134,339 a--sh--- c:\windows\system32\naobys.dll
2009-01-22 18:56 1,389,511 ---sh--- c:\windows\system32\amupuyad.ini
2009-01-22 06:57 1,389,502 ---sh--- c:\windows\system32\anikabaz.ini
2009-01-21 18:56 86 a------- c:\windows\wininit.ini
2009-01-21 18:56 1,389,502 ---sh--- c:\windows\system32\alobeley.ini
2009-01-21 06:56 1,389,502 ---sh--- c:\windows\system32\oyomutad.ini
2009-01-20 18:55 1,387,077 ---sh--- c:\windows\system32\ojakomig.ini
2009-01-20 06:56 1,366,413 ---sh--- c:\windows\system32\avihimip.ini
2009-01-19 18:56 1,361,851 ---sh--- c:\windows\system32\azeseper.ini
2009-01-19 06:55 1,358,531 ---sh--- c:\windows\system32\ekayutih.ini
2009-01-18 00:53 1,358,169 ---sh--- c:\windows\system32\efetenew.ini
2009-01-17 12:56 1,358,169 ---sh--- c:\windows\system32\ojekipok.ini
2009-01-17 00:56 1,358,147 ---sh--- c:\windows\system32\okuhepih.ini
2009-01-16 12:52 1,358,165 ---sh--- c:\windows\system32\alorudas.ini
2009-01-15 23:52 1,331,400 ---sh--- c:\windows\system32\ovulenod.ini
2009-01-15 11:51 1,331,400 ---sh--- c:\windows\system32\ojipokul.ini
2009-01-14 23:51 1,321,994 ---sh--- c:\windows\system32\iheyugup.ini
2009-01-14 11:51 1,321,994 ---sh--- c:\windows\system32\ayarahej.ini
2009-01-13 23:51 1,302,227 ---sh--- c:\windows\system32\ahubolup.ini
2009-01-13 22:05 1,305,407 a--sh--- c:\windows\system32\asegiwuz.ini

==================== Find3M ====================

2009-02-12 08:38 144,093 a--sh--- c:\windows\system32\zevopawe.dll
2009-02-12 08:38 109,872 a--sh--- c:\windows\system32\gizibena.dll
2009-02-12 08:38 95,418 a--sh--- c:\windows\system32\zaputesu.dll
2009-02-11 20:37 143,031 a--sh--- c:\windows\system32\hepotiza.dll
2009-02-11 20:37 108,705 a--sh--- c:\windows\system32\mefokugi.dll
2009-02-11 20:37 102,510 -------- c:\windows\system32\todovoti.dll
2009-02-11 08:37 143,189 a--sh--- c:\windows\system32\tojihiji.dll
2009-02-11 08:37 108,223 a--sh--- c:\windows\system32\giyesewu.dll
2009-02-11 08:37 102,121 -------- c:\windows\system32\larayuka.dll
2009-02-10 20:37 140,924 a--sh--- c:\windows\system32\juwefisi.dll
2009-02-10 20:37 108,303 a--sh--- c:\windows\system32\nularehi.dll
2009-02-10 20:37 102,122 -------- c:\windows\system32\zitosaba.dll
2009-02-10 08:37 142,958 a--sh--- c:\windows\system32\honumopi.dll
2009-02-10 08:37 108,328 a--sh--- c:\windows\system32\gogoheri.dll
2009-02-10 08:37 102,021 -------- c:\windows\system32\muyasera.dll
2009-02-09 18:12 142,076 a--sh--- c:\windows\system32\vosevodi.dll
2009-02-09 18:12 102,001 -------- c:\windows\system32\pobojohe.dll
2009-02-09 18:12 109,299 a--sh--- c:\windows\system32\hafedeku.dll
2009-02-08 21:25 103,067 a--sh--- c:\windows\system32\hiwiwepu.dll
2009-02-08 09:25 140,381 a--sh--- c:\windows\system32\fiwomuzu.dll
2009-02-08 09:25 108,836 a--sh--- c:\windows\system32\gesiwoha.dll
2009-02-07 21:25 140,582 a--sh--- c:\windows\system32\bizuzuti.dll
2009-02-07 21:25 107,663 a--sh--- c:\windows\system32\neyuvena.dll
2009-02-07 09:24 141,936 a--sh--- c:\windows\system32\beziseno.dll
2009-02-07 09:24 103,098 -------- c:\windows\system32\lumuheze.dll
2009-02-07 09:24 109,246 a--sh--- c:\windows\system32\lodayija.dll
2009-02-06 09:18 141,982 a--sh--- c:\windows\system32\juhiruma.dll
2009-02-06 09:18 108,691 a--sh--- c:\windows\system32\hisakite.dll
2009-02-06 09:18 103,085 -------- c:\windows\system32\zogadeli.dll
2009-02-06 01:01 101,549 a--sh--- c:\windows\system32\rofegivu.dll
2009-02-06 01:01 142,639 a--sh--- c:\windows\system32\legidonu.dll
2009-02-06 01:01 109,805 a--sh--- c:\windows\system32\sumavabu.dll
2009-02-05 13:01 142,647 a--sh--- c:\windows\system32\benituyo.dll
2009-02-05 13:01 109,173 a--sh--- c:\windows\system32\denufudu.dll
2009-02-05 13:01 101,523 a--sh--- c:\windows\system32\wewefove.dll
2009-02-04 23:19 142,559 a--sh--- c:\windows\system32\vulayinu.dll
2009-02-04 23:19 107,757 a--sh--- c:\windows\system32\fosuzopu.dll
2009-02-04 23:19 101,570 a--sh--- c:\windows\system32\gekoseta.dll
2009-02-04 11:19 142,549 a--sh--- c:\windows\system32\hekazemo.dll
2009-02-04 11:19 109,282 a--sh--- c:\windows\system32\vemogefi.dll
2009-02-04 11:19 101,468 -------- c:\windows\system32\huyiwoto.dll
2009-02-04 07:00 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-02-03 23:19 133,740 a--sh--- c:\windows\system32\sizulase.dll
2009-02-03 23:19 91,855 -------- c:\windows\system32\jibuvuna.dll
2009-02-03 23:19 98,935 a--sh--- c:\windows\system32\dejegima.dll
2009-02-03 11:19 133,880 a--sh--- c:\windows\system32\mililezu.dll
2009-02-03 11:19 99,425 a--sh--- c:\windows\system32\hahomehe.dll
2009-02-03 11:19 93,432 -------- c:\windows\system32\migidura.dll
2009-02-02 23:18 133,885 a--sh--- c:\windows\system32\mitudeju.dll
2009-02-02 23:18 99,609 a--sh--- c:\windows\system32\hesoyebu.dll
2009-02-02 23:18 93,433 -------- c:\windows\system32\gaponeyo.dll
2009-02-02 22:18 91,927 -------- c:\windows\system32\yozakapa.dll
2009-02-02 22:18 64,157 a--sh--- c:\windows\system32\sufafufo.dll
2009-02-02 22:18 134,449 a--sh--- c:\windows\system32\wejerafi.dll
2009-02-02 22:18 98,457 a--sh--- c:\windows\system32\kapidoma.dll
2009-02-02 10:18 93,455 -------- c:\windows\system32\voyosino.dll
2009-02-02 10:18 134,487 a--sh--- c:\windows\system32\sodejaro.dll
2009-02-02 10:18 98,934 a--sh--- c:\windows\system32\ralanagu.dll
2009-02-01 22:18 135,448 a--sh--- c:\windows\system32\nobafuno.dll
2009-02-01 22:18 86,213 -------- c:\windows\system32\tifizebu.dll
2009-02-01 22:18 99,071 a--sh--- c:\windows\system32\rapomapu.dll
2009-02-01 10:18 86,151 -------- c:\windows\system32\vikewami.dll
2009-02-01 10:18 135,354 a--sh--- c:\windows\system32\pizureke.dll
2009-02-01 10:18 100,491 a--sh--- c:\windows\system32\lanimaye.dll
2009-02-01 09:17 64,795 a--sh--- c:\windows\system32\guwakeba.dll
2009-02-01 09:17 100,498 a--sh--- c:\windows\system32\kaleguli.dll
2009-02-01 09:17 86,818 -------- c:\windows\system32\sijoyasu.dll
2009-01-31 21:17 135,406 a--sh--- c:\windows\system32\yijazowi.dll
2009-01-31 21:17 99,103 a--sh--- c:\windows\system32\hezigotu.dll
2009-01-31 21:17 86,831 -------- c:\windows\system32\zotowuru.dll
2009-01-31 09:17 86,829 -------- c:\windows\system32\yimazitu.dll
2009-01-31 09:17 135,256 a--sh--- c:\windows\system32\rezakaju.dll
2009-01-31 09:17 98,936 a--sh--- c:\windows\system32\muwatibi.dll
2009-01-30 21:17 135,281 a--sh--- c:\windows\system32\yoyamama.dll
2009-01-30 21:17 100,649 a--sh--- c:\windows\system32\gizisuyo.dll
2009-01-30 21:17 86,262 -------- c:\windows\system32\pedenaku.dll
2009-01-30 09:16 135,246 a--sh--- c:\windows\system32\lahofipe.dll
2009-01-30 09:16 99,127 a--sh--- c:\windows\system32\vefukufe.dll
2009-01-30 09:16 86,302 -------- c:\windows\system32\vamodimu.dll
2009-01-30 08:16 66,161 a--sh--- c:\windows\system32\pegizoto.dll.tmp
2009-01-29 20:15 135,390 a--sh--- c:\windows\system32\bohomipu.dll
2009-01-29 20:15 98,903 a--sh--- c:\windows\system32\kafehera.dll
2009-01-29 20:15 86,721 -------- c:\windows\system32\moboramu.dll
2009-01-29 09:05 133,445 a------- c:\windows\system32\nakojofa.dll
2009-01-29 08:14 100,668 a--sh--- c:\windows\system32\rufebapu.dll
2009-01-29 08:14 86,315 -------- c:\windows\system32\dudihapi.dll
2009-01-28 20:14 135,413 a--sh--- c:\windows\system32\genajiwe.dll
2009-01-28 20:14 100,506 a--sh--- c:\windows\system32\zumidiba.dll
2009-01-28 20:14 86,180 -------- c:\windows\system32\wuyowoli.dll
2009-01-28 08:14 133,408 a--sh--- c:\windows\system32\yivozizi.dll
2009-01-28 08:14 100,575 a--sh--- c:\windows\system32\segorado.dll
2009-01-28 08:14 86,266 -------- c:\windows\system32\hesujimi.dll
2009-01-27 23:17 100,582 a--sh--- c:\windows\system32\zubotoze.dll
2009-01-27 23:16 99,446 a--sh--- c:\windows\system32\zayitigi.dll
2009-01-27 23:16 66,118 a--sh--- c:\windows\system32\wuyedifu.dll
2009-01-27 23:16 66,118 a--sh--- c:\windows\system32\tuhiwuba.dll.tmp
2009-01-27 23:16 66,118 a--sh--- c:\windows\system32\tofegahe.dll.tmp
2009-01-27 23:16 66,161 a--sh--- c:\windows\system32\seholima.dll.tmp
2009-01-27 23:16 66,161 a--sh--- c:\windows\system32\sagufeho.dll
2009-01-27 23:16:08 A--SH--- 101,532 c:\windows\system32\pupigowu.dll
0000-00-00 00:00 108,032 a--sh--- c:\windows\system32\nujidaku.dll
0000-00-00 00:00 64,157 a--sh--- c:\windows\system32\sivuferi.dll
0000-00-00 00:00 81,920 a--sh--- c:\windows\system32\subalavi.dll
0000-00-00 00:00 64,157 a--sh--- c:\windows\system32\wahemoyu.dll
0000-00-00 00:00 64,157 a--sh--- c:\windows\system32\yojuyala.dll

============= FINISH: 17:53:17.45 ===============
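An added Python example, not part of this thread or of the DDS/HijackThis tools, that does the cross-referencing a helper performs on a log like the one above: it parses the load-point lines and the file listing and flags the orphaned {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} BHO, the system+hidden DLLs behind the Run, AppInit_DLLs and LSA entries, and the zeroed timestamps. The sample lines are constructed from the log; the prefix list and the attribute heuristic (s and h both set) are assumptions, not DDS documentation.

```python
"""DDS log triage helper (added example; not part of the thread or of the DDS tool).
Cross-references the load points of the Pseudo HJT section (BHO, Run, Notify, SSODL,
AppInit_DLLs, LSA, ...) against the "Created Last 30" / "Find3M" file listing and
reports: load points that point to "No File", load points whose DLL is listed as
system+hidden, system+hidden files under system32, and zeroed timestamps."""
import re
from dataclasses import dataclass

# Line prefixes DDS uses for auto-start / load-point entries (assumed list).
LOADPOINT_PREFIXES = ("BHO:", "TB:", "EB:", "uRun:", "mRun:", "Notify:",
                      "SSODL:", "STS:", "SEH:", "AppInit_DLLs:", "LSA:")
# A DLL reference: optional drive-letter path, then the file name.
DLL_REF = re.compile(r'(?:[a-z]:\\[^",]*?\\)?[\w~.-]+\.dll\b', re.IGNORECASE)
SIZE_RE = re.compile(r"[\d,]+|<DIR>")   # size column, or <DIR>
ATTR_RE = re.compile(r"[a-zA-Z-]{8}")   # attribute column, e.g. a--sh---


@dataclass
class FileEntry:
    date: str
    size: str
    attrs: str
    path: str

    @property
    def basename(self):
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def system_hidden(self):
        return "s" in self.attrs.lower() and "h" in self.attrs.lower()

    @property
    def in_system32(self):
        return "\\windows\\system32\\" in self.path.lower()


def parse_file_entry(line):
    """Parse a 'date time size attrs path' listing line; None for anything else.
    One line in the log above prints attrs before size, so both orders are accepted."""
    parts = line.split(maxsplit=4)
    if len(parts) < 5 or not re.fullmatch(r"\d{4}-\d{2}-\d{2}", parts[0]):
        return None
    size, attrs, path = parts[2], parts[3], parts[4]
    if ATTR_RE.fullmatch(size) and SIZE_RE.fullmatch(attrs):
        size, attrs = attrs, size  # swapped column order
    if not (SIZE_RE.fullmatch(size) and ATTR_RE.fullmatch(attrs)):
        return None
    return FileEntry(parts[0], size, attrs, path)


def parse_log(text):
    """Split a DDS log into file entries and load-point lines."""
    files, loadpoints = [], []
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        entry = parse_file_entry(line)
        if entry:
            files.append(entry)
        elif line.startswith(LOADPOINT_PREFIXES):
            loadpoints.append(line)
    return files, loadpoints


def triage(text):
    """Return human-readable findings for one DDS log."""
    files, loadpoints = parse_log(text)
    by_name = {f.basename: f for f in files}
    findings = []
    for lp in loadpoints:
        if lp.endswith("- No File"):
            findings.append(f"orphaned load point (No File): {lp}")
            continue
        for ref in DLL_REF.findall(lp):
            f = by_name.get(ref.rsplit("\\", 1)[-1].lower())
            if f and f.system_hidden:
                findings.append(f"load point uses system+hidden DLL {f.basename} "
                                f"({f.attrs}, {f.date}): {lp}")
    for f in files:
        if f.in_system32 and f.system_hidden:
            findings.append(f"system+hidden file in system32: {f.path} ({f.attrs}, {f.date})")
        if f.date == "0000-00-00":
            findings.append(f"zeroed timestamp: {f.path}")
    return findings


# Constructed sample in DDS format, taken from representative lines of the log above.
SAMPLE_LOG = r"""
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {609d1be3-f970-428e-9ea1-446b1e2969b1} - c:\windows\system32\yojuyala.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File
mRun: [CPM93f23197] Rundll32.exe "c:\windows\system32\gizibena.dll",a
AppInit_DLLs: kvozfx.dll c:\progra~1\kasper~1\kasper~1\mzvkbd.dll c:\windows\system32\wahemoyu.dll
LSA: Notification Packages = scecli c:\windows\system32\wahemoyu.dll
2009-02-12 08:38 144,093 a--sh--- c:\windows\system32\ghuykp.dll
2009-02-12 16:45 81,920 a------- c:\windows\system32\Startup.cpl
2009-01-27 23:16:08 A--SH--- 101,532 c:\windows\system32\pupigowu.dll
2009-02-12 08:38 109,872 a--sh--- c:\windows\system32\gizibena.dll
0000-00-00 00:00 64,157 a--sh--- c:\windows\system32\wahemoyu.dll
0000-00-00 00:00 64,157 a--sh--- c:\windows\system32\yojuyala.dll
"""
```

Run `triage(SAMPLE_LOG)` on the sample, or on a full pasted DDS log, to get one line per finding; legitimate entries such as ssv.dll and Startup.cpl produce nothing.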



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 13 February 2009 - 07:45 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy, paste the results into Notepad, save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 white russian

white russian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 13 February 2009 - 08:37 PM

Here is the Malwarebytes' log. It had me restart, then Kaspersky kicked in and said it found a trojan and had me restart again. I am assuming I should run the full scan from Malwarebytes again, but this is the first log it produced. I will post another log after the next scan, then proceed to the next steps in your reply. Thanks again...


Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 2

2/13/2009 5:22:54 PM
mbam-log-2009-02-13 (17-22-54).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 332136
Time elapsed: 1 hour(s), 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 19
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 106

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wahemoyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yojuyala.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sivuferi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\suluyeba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juyimebo.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5951c821-d873-4a5e-acb4-f8c58fd67795} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5951c821-d873-4a5e-acb4-f8c58fd67795} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609d1be3-f970-428e-9ea1-446b1e2969b1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{609d1be3-f970-428e-9ea1-446b1e2969b1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{609d1be3-f970-428e-9ea1-446b1e2969b1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5951c821-d873-4a5e-acb4-f8c58fd67795} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\90c1020b (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rohigisama (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm93f23197 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wahemoyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wahemoyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wahemoyu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\suluyeba.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\suluyeba.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vctkay.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dayupuma.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amupuyad.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dudihapi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipahidud.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gagekije.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejikegag.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaponeyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyenopag.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gekoseta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atesokeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hesujimi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imijuseh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hewurogo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogoruweh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\holuwuma.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amuwuloh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\huyiwoto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otowiyuh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jibuvuna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anuvubij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\larayuka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akuyaral.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\usorojul.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lumuheze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ezehumul.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\migidura.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\arudigim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\moboramu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umarobom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\muyasera.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aresayum.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pedenaku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukanedep.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pobojohe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehojobop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sijoyasu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usayojis.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tifizebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubezifit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\todovoti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itovodot.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vamodimu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umidomav.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vikewami.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imawekiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\voyosino.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onisoyov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wewefove.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evofewew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuyowoli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilowoyuw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yimazitu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utizamiy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yozakapa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apakazoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zaputesu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\usetupaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zitosaba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abasotiz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zogadeli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iledagoz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zotowuru.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uruwotoz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sivuferi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\suluyeba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yojuyala.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wahemoyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juyimebo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Family\Local Settings\Temp\senekaeea.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\seneka9d72.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hekazemo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hepotiza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rofegivu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vosevodi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vulayinu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruicoi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\keqdfz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pktcmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sufafufo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suzqhz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\benituyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bmttes.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ygxdii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\legidonu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fosuzopu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vemogefi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekafvrfhdro.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaijtqvqjw.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\qoMGWPfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlJBuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hezigotu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nujidaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNFyAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttsSkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtUolLF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCrsRh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcDVmLb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lahofipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bizuzuti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUooPHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\neletato.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUOEuVO.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
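A small triage script for the Malwarebytes' Anti-Malware 1.x log format posted above (an added example, not part of this thread and not Malwarebytes' own code). It splits the log into its "... Infected:" sections, parses each detection line, tallies detections per family, cross-checks the summary counts against the lines actually present, and lists everything still marked "Delete on reboot", which is exactly why a second full scan after the restart is needed before the machine can be called clean. The sample log is a constructed, trimmed copy of the format in this thread.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x logs (added example)."""
import re
from collections import Counter

# One detection line: "<item> (<family>) -> [Data: <data> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)
# Summary block line, e.g. "Files Infected: 106"
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# Section heading, e.g. "Files Infected:"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
NO_ITEMS = "(No malicious items detected)"

# Constructed sample in the same layout as the log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 2

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 332136

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juyimebo.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm93f23197 (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wahemoyu.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return {'summary': {section: claimed_count}, 'entries': [detection dicts]}."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NO_ITEMS:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if section and m:
            entries.append({
                "section": section,
                "item": m["item"],
                "family": m["family"],
                "data": m["data"],  # only present for registry data items
                "action": m["action"],
            })
    return {"summary": summary, "entries": entries}


def family_counts(report):
    """Detections per family name, one per parsed line."""
    return Counter(e["family"] for e in report["entries"])


def pending_reboot(report):
    """Items MBAM could not remove while running; they persist until the restart."""
    return sorted({e["item"] for e in report["entries"]
                   if e["action"] == "Delete on reboot"})


def count_mismatches(report):
    """Sections whose claimed count differs from the lines present (e.g. a truncated paste)."""
    parsed = Counter(e["section"] for e in report["entries"])
    return {s: (claimed, parsed.get(s, 0))
            for s, claimed in report["summary"].items()
            if claimed != parsed.get(s, 0)}


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("per family:", dict(family_counts(rep)))
    print("pending reboot:", pending_reboot(rep))
    print("count mismatches:", count_mismatches(rep))
```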

#4 white russian

white russian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 13 February 2009 - 10:17 PM

Malwarebytes 2nd log - complete scan after restart:



Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 2

2/13/2009 7:13:15 PM
mbam-log-2009-02-13 (19-13-15).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 331438
Time elapsed: 1 hour(s), 35 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


RSIT log.txt



Logfile of random's system information tool 1.05 (written by random/random)
Run by Family at 2009-02-13 19:14:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 22 GB (55%) free of 40 GB
Total RAM: 2559 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:38 PM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
E:\ALL PROGRAMS INSTALLED\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\ALL PROGRAMS INSTALLED\firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Family\Desktop\RSIT.exe
E:\ALL PROGRAMS INSTALLED\Trend Micro\HijackThis\Family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {C568B2DE-6B81-4992-AC24-AD8740FEB0D8} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\ALL PROGRAMS INSTALLED\CREATIVE SUITE 3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "e:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [THGuard] "E:\ALL PROGRAMS INSTALLED\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [rohigisama] Rundll32.exe "C:\WINDOWS\system32\sivuferi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rohigisama] Rundll32.exe "C:\WINDOWS\system32\sivuferi.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\ALLPRO~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ALLPRO~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ALLPRO~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ALLPRO~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205470030218
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: kvozfx.dll ypvcxv.dll c:\progra~1\kasper~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll
O20 - Winlogon Notify: yayvWpom - yayvWpom.dll (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - E:\ALL PROGRAMS INSTALLED\power translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\ALL PROGRAMS INSTALLED\NERO 7.5\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 12073 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1409082233-839522115-1003.job
C:\WINDOWS\tasks\jsfbfqow.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItBHO.dll [2003-11-21 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-22 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-03-14 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-21 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C568B2DE-6B81-4992-AC24-AD8740FEB0D8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-14 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItIEAddin.dll [2003-11-21 143360]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - E:\ALL PROGRAMS INSTALLED\CREATIVE SUITE 3\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"=E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe [2008-01-11 623992]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Zune Launcher"=e:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe [2008-09-12 160160]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-04 206088]
"THGuard"=E:\ALL PROGRAMS INSTALLED\TrojanHunter 5.0\THGuard.exe [2008-10-24 1056928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-01 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-22 185896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kvozfx.dll ypvcxv.dll c:\progra~1\kasper~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kasper~1\kloehk.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvWpom]
yayvWpom.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hgGywVME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\OUTLOOK.EXE"="E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\GROOVE.EXE"="E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\ONENOTE.EXE"="E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\ALL PROGRAMS INSTALLED\AVG\avginet.exe"="E:\ALL PROGRAMS INSTALLED\AVG\avginet.exe:*:Enabled:avginet.exe"
"E:\ALL PROGRAMS INSTALLED\AVG\avgamsvr.exe"="E:\ALL PROGRAMS INSTALLED\AVG\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"E:\ALL PROGRAMS INSTALLED\AVG\avgcc.exe"="E:\ALL PROGRAMS INSTALLED\AVG\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"E:\ALL PROGRAMS INSTALLED\CREATIVE SUITE 3\Adobe Dreamweaver CS3\Dreamweaver.exe"="E:\ALL PROGRAMS INSTALLED\CREATIVE SUITE 3\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"E:\ALL PROGRAMS INSTALLED\TURBO TAX 2007\TurboTax Premier 2007\32bit\ttax.exe"="E:\ALL PROGRAMS INSTALLED\TURBO TAX 2007\TurboTax Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\ALL PROGRAMS INSTALLED\TURBO TAX 2007\TurboTax Premier 2007\32bit\updatemgr.exe"="E:\ALL PROGRAMS INSTALLED\TURBO TAX 2007\TurboTax Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\ZuneBusEnum.exe"="C:\WINDOWS\system32\ZuneBusEnum.exe:*:Enabled:ZuneBusEnum"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier"
"C:\WINDOWS\system32\zofumofe.exe"="C:\WINDOWS\system32\zofumofe.exe:*:Enabled:zofumofe"
"C:\Program Files\Norton PC Checkup\PC_Checkup.exe"="C:\Program Files\Norton PC Checkup\PC_Checkup.exe:*:Enabled:PC_Checkup"
"C:\Program Files\Norton PC Checkup\CHECKUP.exe"="C:\Program Files\Norton PC Checkup\CHECKUP.exe:*:Enabled:CHECKUP"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe:*:Enabled:hpcmpmgr"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"="C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe:*:Enabled:SMAgent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c5ee8a-f180-11dc-9947-0013d4f0eceb}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe


======File associations======

.js - open - "E:\ALL PROGRAMS INSTALLED\CREATIVE SUITE 3\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\zumidiba.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\zowohuku.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\zowohuku.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\zevopawe.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\zayitigi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yoyamama.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\yidoregu.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\wuyedifu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\wutezefi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\wuleluzu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tuhiwuba.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tojihiji.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\tofegahe.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\sumavabu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\sizulase.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\seholima.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\segorado.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\sagufeho.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\rufebapu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\robejozo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\ralanagu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\pegizoto.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\pegizoto.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nularehi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nubawove.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\nobagadu.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\neyuvena.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\musugita.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mitudeju.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mililezu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mefokugi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lozugava.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lodayija.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lajerode.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\kejowigi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\kapidoma.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\juwefisi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jujukeyo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\juhiruma.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jubetufa.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\honumopi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\hiwiwepu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\hisakite.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\hesoyebu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\hahomehe.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\hafedeku.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\guyopate.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\guwakeba.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\gogoheri.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\gizisuyo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\gizibena.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\giyesewu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\gesiwoha.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\fuyisajo.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\fiwomuzu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\fevubitu.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\dejegima.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\dajiwava.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\beziseno.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\balumoke.dll
2009-02-13 19:14:29 ----D---- C:\rsit
2009-02-13 16:17:03 ----D---- C:\Documents and Settings\Family\Application Data\Malwarebytes
2009-02-13 16:16:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-13 16:16:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-12 18:23:04 ----D---- C:\Documents and Settings\Family\Application Data\TrojanHunter
2009-02-12 17:19:11 ----A---- C:\itouch_config_crash_info.txt
2009-02-12 08:38:19 ----ASH---- C:\WINDOWS\system32\ghuykp.dll
2009-02-11 08:37:32 ----ASH---- C:\WINDOWS\system32\hwmwgl.dll
2009-02-10 20:37:17 ----ASH---- C:\WINDOWS\system32\ezlkrd.dll
2009-02-10 20:37:12 ----SH---- C:\WINDOWS\system32\musesiwo.dll
2009-02-10 08:37:09 ----ASH---- C:\WINDOWS\system32\appdqh.dll
2009-02-09 18:13:52 ----SH---- C:\WINDOWS\system32\gafilumu.dll
2009-02-08 09:25:37 ----SH---- C:\WINDOWS\system32\ezadopub.ini
2009-02-08 09:25:32 ----SH---- C:\WINDOWS\system32\wasefotu.dll
2009-02-08 09:25:25 ----ASH---- C:\WINDOWS\system32\xbtpji.dll
2009-02-07 21:25:07 ----SH---- C:\WINDOWS\system32\ezusohay.ini
2009-02-07 21:25:06 ----ASH---- C:\WINDOWS\system32\mvictz.dll
2009-02-07 09:24:57 ----ASH---- C:\WINDOWS\system32\gijfxq.dll
2009-02-06 10:16:38 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-02-06 09:18:54 ----ASH---- C:\WINDOWS\system32\ycgfaa.dll
2009-02-03 23:19:34 ----ASH---- C:\WINDOWS\system32\gmnfrn.dll
2009-02-03 11:19:07 ----ASH---- C:\WINDOWS\system32\cyjwhx.dll
2009-02-02 23:18:57 ----ASH---- C:\WINDOWS\system32\iqgkqa.dll
2009-01-31 21:17:40 ----SH---- C:\WINDOWS\system32\pifotamo.dll
2009-01-31 09:17:38 ----A---- C:\WINDOWS\system32\ukanedep.tmp
2009-01-31 09:17:27 ----SH---- C:\WINDOWS\system32\zibipudo.dll
2009-01-28 20:14:43 ----SH---- C:\WINDOWS\system32\yegawogo.dll
2009-01-27 21:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-26 22:26:28 ----D---- C:\Program Files\Kaspersky Lab
2009-01-26 22:26:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-01-26 21:25:35 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-26 15:47:02 ----ASH---- C:\WINDOWS\system32\rsaxad.dll
2009-01-26 13:59:25 ----ASH---- C:\WINDOWS\system32\vhezvb.dll
2009-01-26 01:59:06 ----SH---- C:\WINDOWS\system32\alefuzeg.ini
2009-01-26 01:59:04 ----ASH---- C:\WINDOWS\system32\xoaluz.dll
2009-01-25 01:58:20 ----ASH---- C:\WINDOWS\system32\yzavjf.dll
2009-01-24 13:59:23 ----SH---- C:\WINDOWS\system32\orufujud.ini
2009-01-24 01:59:12 ----SH---- C:\WINDOWS\system32\ayisalup.ini
2009-01-23 13:57:48 ----ASH---- C:\WINDOWS\system32\qjeuvg.dll
2009-01-22 18:56:24 ----ASH---- C:\WINDOWS\system32\naobys.dll
2009-01-22 06:57:29 ----SH---- C:\WINDOWS\system32\anikabaz.ini
2009-01-21 18:56:12 ----SH---- C:\WINDOWS\system32\alobeley.ini
2009-01-21 18:56:12 ----A---- C:\WINDOWS\wininit.ini
2009-01-21 06:56:57 ----SH---- C:\WINDOWS\system32\oyomutad.ini
2009-01-20 18:55:47 ----SH---- C:\WINDOWS\system32\ojakomig.ini
2009-01-20 06:56:17 ----SH---- C:\WINDOWS\system32\avihimip.ini
2009-01-19 18:56:00 ----SH---- C:\WINDOWS\system32\azeseper.ini
2009-01-19 06:55:50 ----SH---- C:\WINDOWS\system32\ekayutih.ini
2009-01-18 00:53:42 ----SH---- C:\WINDOWS\system32\efetenew.ini
2009-01-17 12:56:30 ----SH---- C:\WINDOWS\system32\ojekipok.ini
2009-01-17 00:56:12 ----SH---- C:\WINDOWS\system32\okuhepih.ini
2009-01-16 12:52:45 ----SH---- C:\WINDOWS\system32\alorudas.ini
2009-01-15 23:52:09 ----SH---- C:\WINDOWS\system32\ovulenod.ini
2009-01-15 11:51:58 ----SH---- C:\WINDOWS\system32\ojipokul.ini
2009-01-14 23:51:40 ----SH---- C:\WINDOWS\system32\iheyugup.ini
2009-01-14 11:51:31 ----SH---- C:\WINDOWS\system32\ayarahej.ini
2009-01-13 23:51:33 ----SH---- C:\WINDOWS\system32\ahubolup.ini
2009-01-13 22:05:47 ----ASH---- C:\WINDOWS\system32\asegiwuz.ini
2009-01-13 10:05:35 ----SH---- C:\WINDOWS\system32\egudegan.ini
2009-01-12 22:05:28 ----SH---- C:\WINDOWS\system32\amonizem.ini
2009-01-10 19:12:24 ----SH---- C:\WINDOWS\system32\ripvtiwv.ini
2009-01-10 19:11:52 ----A---- C:\WINDOWS\system32\9be2c675-.txt
2009-01-10 19:11:18 ----ASH---- C:\WINDOWS\system32\EMVwyGgh.ini2
2009-01-10 19:11:17 ----ASH---- C:\WINDOWS\system32\EMVwyGgh.ini
2009-01-07 20:29:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-07 20:27:45 ----D---- C:\WINDOWS\pss
2009-01-07 19:58:57 ----D---- C:\WINDOWS\Prefetch
2009-01-07 19:57:11 ----DC---- C:\WINDOWS\$NtUninstallKB958644$(2)
2009-01-07 19:57:04 ----DC---- C:\WINDOWS\$NtUninstallKB957097$(2)
2009-01-07 19:56:57 ----DC---- C:\WINDOWS\$NtUninstallKB957095$(2)
2009-01-07 19:56:48 ----DC---- C:\WINDOWS\$NtUninstallKB956841$(2)
2009-01-07 19:56:41 ----DC---- C:\WINDOWS\$NtUninstallKB956803$(2)
2009-01-07 19:56:34 ----DC---- C:\WINDOWS\$NtUninstallKB956802$(2)
2009-01-07 19:56:23 ----DC---- C:\WINDOWS\$NtUninstallKB955069$(2)
2009-01-07 19:56:17 ----DC---- C:\WINDOWS\$NtUninstallKB954600$(2)
2009-01-07 19:56:09 ----DC---- C:\WINDOWS\$NtUninstallKB954211$(2)
2009-01-07 19:56:01 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(2)
2009-01-07 19:55:54 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(2)
2009-01-07 19:55:48 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(2)
2009-01-07 19:55:41 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(2)
2009-01-07 19:55:34 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(2)
2009-01-07 19:55:28 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(2)
2009-01-07 19:55:19 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
2009-01-07 19:55:12 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
2009-01-07 19:55:05 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
2009-01-07 19:54:57 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
2009-01-07 19:54:51 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(2)
2009-01-07 19:54:44 ----DC---- C:\WINDOWS\$NtUninstallKB932716-v2$(2)
2009-01-07 19:51:47 ----D---- C:\WINDOWS\system32\scripting
2009-01-07 19:51:47 ----D---- C:\WINDOWS\l2schemas
2009-01-02 19:48:13 ----HD---- C:\Program Files\Zero G Registry
2009-01-02 19:24:52 ----D---- C:\Program Files\DK Interactive Learning
2008-12-25 14:41:17 ----D---- C:\Documents and Settings\Family\Application Data\Microsoft Games
2008-12-25 14:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-12-25 14:37:50 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-25 14:23:10 ----D---- C:\Program Files\Microsoft Games
2008-12-25 09:51:26 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-12-25 09:51:10 ----D---- C:\Program Files\MumboJumbo
2008-12-24 09:34:37 ----A---- C:\WINDOWS\system32\WINGDE.DLL
2008-12-24 09:34:36 ----A---- C:\WINDOWS\system32\WING.DLL
2008-12-24 09:34:33 ----D---- C:\Tlcwin
2008-12-24 09:34:33 ----A---- C:\WINDOWS\TLCAPPS.INI
2008-12-21 20:13:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-21 20:13:27 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-21 20:13:27 ----A---- C:\WINDOWS\system32\java.exe
2008-12-21 20:13:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-21 15:49:16 ----D---- C:\Documents and Settings\Family\Application Data\Apple Computer
2008-12-21 15:47:28 ----D---- C:\Program Files\Apple Software Update
2008-12-21 15:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-21 09:35:16 ----R---- C:\RAYMAN.BAT
2008-12-21 09:35:16 ----D---- C:\RAYMAN
2008-12-21 09:24:27 ----A---- C:\WINDOWS\system32\WING32.DLL
2008-12-15 09:48:27 ----D---- C:\Program Files\Overland
2008-12-10 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 09:49:09 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2008-12-07 09:49:09 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2008-12-07 09:49:09 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2008-12-07 09:48:18 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-12-07 07:37:40 ----D---- C:\Program Files\directx
2008-11-21 10:50:06 ----D---- C:\WINDOWS\DINC0000
2008-11-21 10:49:43 ----D---- C:\Program Files\Disney Interactive

======List of files/folders modified in the last 3 months======

2009-02-13 19:13:05 ----D---- C:\WINDOWS\Temp
2009-02-13 18:36:17 ----D---- C:\WINDOWS\system32
2009-02-13 17:45:29 ----D---- C:\WINDOWS
2009-02-13 17:30:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-13 17:30:19 ----A---- C:\WINDOWS\iTouch.ini
2009-02-13 17:28:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-13 17:24:36 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 17:24:02 ----RD---- C:\Program Files
2009-02-13 17:22:54 ----SHD---- C:\RECYCLER
2009-02-13 16:03:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-13 16:01:05 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-12 16:45:04 ----HD---- C:\WINDOWS\inf
2009-02-12 15:59:20 ----D---- C:\Documents and Settings\Family\Application Data\Adobe
2009-02-05 23:16:59 ----SD---- C:\WINDOWS\Tasks
2009-02-03 15:12:40 ----SHD---- C:\WINDOWS\Installer
2009-01-29 00:06:09 ----D---- C:\Documents and Settings\Family\Application Data\LimeWire
2009-01-27 21:44:15 ----D---- C:\Program Files\Java
2009-01-27 21:41:57 ----D---- C:\Program Files\InterActual
2009-01-27 21:08:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-27 21:06:15 ----D---- C:\Program Files\QuickTime
2009-01-27 21:05:27 ----D---- C:\Program Files\Common Files
2009-01-26 21:02:39 ----D---- C:\Program Files\ASUS
2009-01-26 21:00:49 ----D---- C:\Program Files\VSO
2009-01-26 21:00:30 ----D---- C:\Documents and Settings\Family\Application Data\Vso
2009-01-26 21:00:29 ----A---- C:\Documents and Settings\Family\Application Data\inst.exe
2009-01-26 20:28:05 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-26 04:22:28 ----HD---- C:\$AVG8.VAULT$
2009-01-25 19:25:35 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-24 07:55:10 ----A---- C:\WINDOWS\win.ini
2009-01-15 17:32:25 ----SHD---- C:\System Volume Information
2009-01-15 17:32:25 ----D---- C:\WINDOWS\system32\Restore
2009-01-09 17:20:17 ----D---- C:\Documents and Settings\Family\Application Data\Winamp
2009-01-08 01:53:47 ----D---- C:\FORGEXP
2009-01-08 01:53:47 ----A---- C:\WINDOWS\FORGEXP.INI
2009-01-07 20:48:01 ----D---- C:\WINDOWS\Minidump
2009-01-07 20:48:01 ----D---- C:\WINDOWS\Debug
2009-01-07 20:35:26 ----D---- C:\WINDOWS\WinSxS
2009-01-07 20:35:26 ----D---- C:\WINDOWS\system32\wbem
2009-01-07 20:35:24 ----RSD---- C:\WINDOWS\Fonts
2009-01-07 20:35:24 ----D---- C:\WINDOWS\AppPatch
2009-01-07 20:34:41 ----D---- C:\WINDOWS\system32\config
2009-01-07 20:34:14 ----D---- C:\WINDOWS\Registration
2009-01-07 20:33:24 ----D---- C:\WINDOWS\EHome
2009-01-07 20:33:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-07 20:32:06 ----D---- C:\WINDOWS\system32\usmt
2009-01-07 20:32:06 ----D---- C:\WINDOWS\system
2009-01-07 20:32:05 ----D---- C:\WINDOWS\system32\oobe
2009-01-07 20:32:04 ----D---- C:\WINDOWS\system32\Setup
2009-01-07 20:31:57 ----D---- C:\Program Files\Common Files\System
2009-01-07 20:31:56 ----D---- C:\WINDOWS\Help
2009-01-07 20:31:56 ----D---- C:\Program Files\Outlook Express
2009-01-07 20:31:55 ----D---- C:\WINDOWS\system32\Com
2009-01-07 20:31:55 ----D---- C:\Program Files\Windows NT
2009-01-07 20:31:55 ----D---- C:\Program Files\Windows Media Player
2009-01-07 20:31:54 ----D---- C:\Program Files\NetMeeting
2009-01-07 20:31:53 ----D---- C:\WINDOWS\srchasst
2009-01-07 20:31:53 ----D---- C:\WINDOWS\ime
2009-01-07 20:31:52 ----D---- C:\WINDOWS\msagent
2009-01-07 20:31:51 ----D---- C:\WINDOWS\system32\npp
2009-01-07 20:31:51 ----D---- C:\WINDOWS\mui
2009-01-07 20:31:50 ----D---- C:\Program Files\Movie Maker
2009-01-07 20:29:37 ----D---- C:\WINDOWS\system32\bits
2009-01-07 20:29:37 ----D---- C:\WINDOWS\peernet
2009-01-07 20:29:27 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-07 20:29:27 ----D---- C:\WINDOWS\network diagnostic
2009-01-07 20:29:17 ----D---- C:\Program Files\Messenger
2009-01-07 19:57:51 ----D---- C:\WINDOWS\security
2009-01-07 19:51:48 ----D---- C:\WINDOWS\system32\en-US
2009-01-07 19:45:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-02 19:34:22 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-29 23:43:56 ----D---- C:\Documents and Settings\Family\Application Data\Ahead
2008-12-25 14:38:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-25 14:37:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-25 14:37:52 ----D---- C:\WINDOWS\system32\DirectX
2008-12-22 07:52:49 ----A---- C:\WINDOWS\entpack.ini
2008-12-21 19:43:10 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-21 19:38:00 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-21 19:37:57 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-21 19:37:57 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-12-18 03:00:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:32:07 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:04:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 03:02:59 ----D---- C:\Program Files\Internet Explorer
2008-12-07 12:57:30 ----D---- C:\Program Files\eGames
2008-12-07 12:55:36 ----D---- C:\Program Files\Hasbro Interactive
2008-12-07 09:48:35 ----A---- C:\WINDOWS\disney.ini
2008-12-01 09:03:23 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-15 18:39:58 ----A---- C:\WINDOWS\smsafari.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-04 213520]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2006-09-19 15664]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2003-11-08 12953]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-08-03 221376]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaijtqvqjw.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-17 47360]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter; C:\WINDOWS\System32\DRIVERS\USB100M.SYS [2005-03-02 27519]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-04 206088]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-21 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
R2 ZuneNetworkSvc;Zune Network Sharing Service; e:\ALL PROGRAMS INSTALLED\Zune\ZuneNss.exe [2008-09-12 5119392]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-14 654848]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LEC TranslateDotNet Server;LEC TranslateDotNet Server; E:\ALL PROGRAMS INSTALLED\power translator\LogoMedia TranslateDotNet Server.exe [2004-04-30 724992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; E:\ALL PROGRAMS INSTALLED\NERO 7.5\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#5 white russian (Topic Starter, Members, 10 posts)

Posted 13 February 2009 - 10:18 PM

RSIT info.txt
info.txt logfile of random's system information tool 1.05 2009-02-13 19:14:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->E:\ALL PROGRAMS INSTALLED\NERO 7.5\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3D Dinoworld-->C:\WINDOWS\UNINST.EXE -r"DK Interactive Learning\3D Dinoworld\2.0" -n"3D Dinoworld" -fC:\PROGRA~1\DKINTE~1\3DDINO~1\DeIsL2.isu -cC:\PROGRA~1\DKINTE~1\3DDINO~1\uninst.dll -oNT
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->C:\Program Files\Common Files\Adobe\Installers\964bfb680412b96a6c9f203bc15c9fe\Setup.exe
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\71c180716438072ebd356ce2549df41\Setup.exe
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup-->MsiExec.exe /I{684A391E-6F9C-42A9-8EEB-1CB19A2EE94B}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{39822393-2324-4705-9010-1AB76DA144A2}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{39822393-2324-4705-9010-1AB76DA144A2}
BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone-->MsiExec.exe /X{E896DA69-F993-440E-8515-EB197EFB284F}
CCleaner (remove only)-->"E:\ALL PROGRAMS INSTALLED\ccleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Centipede-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Centipede\CentUnin.isu"
Crazy Drake Special Edition-->C:\PROGRA~1\eGames\CRAZYD~1\UNWISE.EXE C:\PROGRA~1\eGames\CRAZYD~1\INSTALL.LOG
Dig'nRigs-->C:\WINDOWS\IsUninst.exe -f"e:\all programs installed\Hasbro Interactive\Dig'nRigs\Uninst.isu"
Discover Painting for Kids Special Edition-->C:\PROGRA~1\eGames\DISCOV~1\UNWISE.EXE C:\PROGRA~1\eGames\DISCOV~1\INSTALL.LOG
Disney-Pixars Print Studio, Toy Story 2-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~2\DISNEY~1\DeIsL1.isu
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Shrink 3.2-->"E:\ALL PROGRAMS INSTALLED\DVD Shrink v3.2.0.15\DVD Shrink\unins000.exe"
Frogger2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Frogger2\Uninst.isu"
Galaxy of Games Red Collection-->E:\ALLPRO~1\GALAXY~2\UNWISE.EXE E:\ALLPRO~1\GALAXY~2\INSTALL.LOG
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Graboid Video 1.2-->E:\ALL PROGRAMS INSTALLED\Graboid\uninst.exe
HijackThis 2.0.2-->"E:\ALL PROGRAMS INSTALLED\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->E:\ALL PROGRAMS INSTALLED\hp psc 2410 printer\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"E:\ALL PROGRAMS INSTALLED\hp psc 2410 printer\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel® PRO Network Connections Drivers-->Prounstl.exe
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Language Engineering Power Translator-->MsiExec.exe /I{66EDF2E5-6C37-4939-A837-FBF2C52F91CD}
LEGO Racers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
LifeGlobe Sharks, Terrors of the Deep-->"E:\ALL PROGRAMS INSTALLED\3D Sharks Aquarium Screensaver\Sharks\unins000.exe"
LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
LimeWire 4.18.8-->"E:\ALL PROGRAMS INSTALLED\lime wire\LimeWire\uninstall.exe"
Liquid Desktop 3D Screensaver Free-->E:\ALL PROGRAMS INSTALLED\liquid desktop\uninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic 3D Coloring Book Cool Critters-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM and Crayola\Cool Critters\Uninst.isu"
Mahjongg XP Championship 2-->"C:\Program Files\Selectsoft\Mahjongg XP Championship 2\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mavis Beacon Teaches Typing Deluxe 16-->C:\WINDOWS\TLCUninstall.exe -f "e:\all programs installed\mavis typing 16\Mavis Beacon Teaches Typing Deluxe 16\Uninstall.xml"
MediaMonkey 3.0-->"E:\ALL PROGRAMS INSTALLED\MediaMonkey\MediaMonkey\unins000.exe"
Memento v1.09-->"E:\ALL PROGRAMS INSTALLED\memento notes\Memento\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Reference Library 2005-->MsiExec.exe /I{05410141-64A6-4248-A026-9745C1E9E159}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Mini Golf Master Special Edition-->C:\PROGRA~1\eGames\MINIGO~1\UNWISE.EXE C:\PROGRA~1\eGames\MINIGO~1\INSTALL.LOG
MixMeister CD-R Drivers-->MsiExec.exe /I{4367BF53-8748-4122-8516-85E4375925AF}
MixMeister Fusion Video 7.0.8-->"E:\ALL PROGRAMS INSTALLED\mix miester\MixMeister Fusion + Video\unins000.exe"
Monsters Jr-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F87EF36-A373-11D5-AA2E-0008C760B784}\setup.exe" Monsters Jr
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.6)-->E:\ALL PROGRAMS INSTALLED\firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MyAttorney Home And Business-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{DE12AC99-F988-4EE5-BDE9-62623EE42E3B}
Nero 7 Premium-->MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891033}
Norton PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Pac-Man Adventures in Time-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2023740-9AAC-11D4-B54D-006008571948}\setup.exe" FromAddRemove
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Reader Rabbit's Preschool-->C:\WINDOWS\uninst.exe -fC:\Tlcwin\Rrp\uninstal\DeIsL1.isu
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recuva (remove only)-->"E:\ALL PROGRAMS INSTALLED\recuva\uninst.exe"
SeaMonkey (1.1.8)-->C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.8 (en)"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Serif MontagePlus 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8A42A57-2320-464B-9F5D-3F85089C4714}\setup.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
SimSafari-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\DeIsL1.isu
SnagIt 7-->E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SIUNINST.EXE
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Speedy Eggbert Special Edition-->C:\PROGRA~1\eGames\SPEEDY~1\UNWISE.EXE C:\PROGRA~1\eGames\SPEEDY~1\INSTALL.LOG
Star Miner Special Edition-->C:\PROGRA~1\eGames\STARMI~1\UNWISE.EXE C:\PROGRA~1\eGames\STARMI~1\INSTALL.LOG
The Office-->"C:\Program Files\MumboJumbo\The Office\uninstall.exe"
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TrojanHunter 5.0-->"E:\ALL PROGRAMS INSTALLED\TrojanHunter 5.0\unins000.exe"
TurboTax Premier 2007-->E:\ALL PROGRAMS INSTALLED\TURBO TAX 2007\TurboTax Premier 2007\TaxUnst.EXE "E:\ALL PROGRAMS INSTALLED\TURBO TAX 2007\TurboTax Premier 2007\Uninstall.log" -NoGui
Ultimate Ride Disney Coaster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4EF7685-98A6-11D6-B2FB-0002A5E32BEF}\setup.exe" Ultimate Ride Disney Coaster
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Venture Africa (remove only)-->"E:\ALL PROGRAMS INSTALLED\Games\Venture Africa\Uninstall.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"E:\ALL PROGRAMS INSTALLED\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->E:\ALL PROGRAMS INSTALLED\winRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoo Tycoon 2 - Zookeeper Collection-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->e:\ALL PROGRAMS INSTALLED\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

System event log

Computer Name: HOME-2008
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 8924
Source Name: Service Control Manager
Time Written: 20081220110420.000000-480
Event Type: information
User:

Computer Name: HOME-2008
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 8923
Source Name: Service Control Manager
Time Written: 20081220110414.000000-480
Event Type: information
User:

Computer Name: HOME-2008
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 8922
Source Name: Service Control Manager
Time Written: 20081220110414.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-2008
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 8921
Source Name: Service Control Manager
Time Written: 20081220110352.000000-480
Event Type: information
User:

Computer Name: HOME-2008
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 8920
Source Name: Service Control Manager
Time Written: 20081220110346.000000-480
Event Type: information
User:

Application event log

Computer Name: HOME-2008
Event Code: 0
Message:
Record Number: 1646
Source Name: Roxio Upnp Server 9
Time Written: 20080902203014.000000-420
Event Type: information
User:

Computer Name: HOME-2008
Event Code: 0
Message:
Record Number: 1645
Source Name: Roxio Upnp Server 9
Time Written: 20080902203014.000000-420
Event Type: information
User:

Computer Name: HOME-2008
Event Code: 0
Message:
Record Number: 1644
Source Name: RoxLiveShare9
Time Written: 20080902203014.000000-420
Event Type: information
User:

Computer Name: HOME-2008
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 1643
Source Name: LightScribeService
Time Written: 20080902203013.000000-420
Event Type: information
User:

Computer Name: HOME-2008
Event Code: 0
Message:
Record Number: 1642
Source Name: gusvc
Time Written: 20080902203013.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.1.0
"SESSIONID"=1228157613472g1u0355c.austin.hp.com-c4290db:11e3baa5250:-7bd3
"COLLECTIONID"=COL7458
"ITEMID"=ps-22563-2
"UPDATEDIR"=C:\DOCUME~1\Family\LOCALS~1\Temp\rad494B4.tmp
"TOOLPATH"=/E:/ALL%20PROGRAMS%20INSTALLED/hp%20psc%202410%20printer/HP%20Software%20Update/install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.20030625
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 white russian

white russian
  • Topic Starter

  • Members
  • 10 posts

Posted 13 February 2009 - 10:40 PM

GMER result attached...

Attached Files

  • gmer.txt (12.79KB)


#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 14 February 2009 - 02:55 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 white russian

white russian
  • Topic Starter

  • Members
  • 10 posts

Posted 14 February 2009 - 05:19 AM

ComboFix log (the HijackThis log will be in the next post)

ComboFix 09-02-12.03 - Family 2009-02-14 1:58:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1986 [GMT -8:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Family\Application Data\inst.exe
c:\windows\system32\ahubolup.ini
c:\windows\system32\alefuzeg.ini
c:\windows\system32\alobeley.ini
c:\windows\system32\alorudas.ini
c:\windows\system32\amonizem.ini
c:\windows\system32\anikabaz.ini
c:\windows\system32\appdqh.dll
c:\windows\system32\asegiwuz.ini
c:\windows\system32\avihimip.ini
c:\windows\system32\ayarahej.ini
c:\windows\system32\ayisalup.ini
c:\windows\system32\azeseper.ini
c:\windows\system32\balumoke.dll
c:\windows\system32\beziseno.dll
c:\windows\system32\cyjwhx.dll
c:\windows\system32\dajiwava.dll
c:\windows\system32\dejegima.dll
c:\windows\system32\efetenew.ini
c:\windows\system32\egudegan.ini
c:\windows\system32\ekayutih.ini
c:\windows\system32\EMVwyGgh.ini
c:\windows\system32\EMVwyGgh.ini2
c:\windows\system32\ezadopub.ini
c:\windows\system32\ezlkrd.dll
c:\windows\system32\ezusohay.ini
c:\windows\system32\fevubitu.dll.tmp
c:\windows\system32\fiwomuzu.dll
c:\windows\system32\fuyisajo.dll
c:\windows\system32\gesiwoha.dll
c:\windows\system32\ghuykp.dll
c:\windows\system32\gijfxq.dll
c:\windows\system32\giyesewu.dll
c:\windows\system32\gizibena.dll
c:\windows\system32\gizisuyo.dll
c:\windows\system32\gmnfrn.dll
c:\windows\system32\gogoheri.dll
c:\windows\system32\guwakeba.dll
c:\windows\system32\guyopate.dll
c:\windows\system32\hafedeku.dll
c:\windows\system32\hahomehe.dll
c:\windows\system32\hesoyebu.dll
c:\windows\system32\hisakite.dll
c:\windows\system32\hiwiwepu.dll
c:\windows\system32\honumopi.dll
c:\windows\system32\hwmwgl.dll
c:\windows\system32\iheyugup.ini
c:\windows\system32\iqgkqa.dll
c:\windows\system32\juhiruma.dll
c:\windows\system32\jujukeyo.dll
c:\windows\system32\juwefisi.dll
c:\windows\system32\kapidoma.dll
c:\windows\system32\kejowigi.dll
c:\windows\system32\lajerode.dll
c:\windows\system32\lodayija.dll
c:\windows\system32\lozugava.dll.tmp
c:\windows\system32\mefokugi.dll
c:\windows\system32\mililezu.dll
c:\windows\system32\mitudeju.dll
c:\windows\system32\musugita.dll
c:\windows\system32\mvictz.dll
c:\windows\system32\naobys.dll
c:\windows\system32\neyuvena.dll
c:\windows\system32\nubawove.dll
c:\windows\system32\nularehi.dll
c:\windows\system32\ojakomig.ini
c:\windows\system32\ojekipok.ini
c:\windows\system32\ojipokul.ini
c:\windows\system32\okuhepih.ini
c:\windows\system32\orufujud.ini
c:\windows\system32\ovulenod.ini
c:\windows\system32\oyomutad.ini
c:\windows\system32\pegizoto.dll
c:\windows\system32\qjeuvg.dll
c:\windows\system32\ralanagu.dll
c:\windows\system32\ripvtiwv.ini
c:\windows\system32\robejozo.dll
c:\windows\system32\rsaxad.dll
c:\windows\system32\rufebapu.dll
c:\windows\system32\sagufeho.dll
c:\windows\system32\segorado.dll
c:\windows\system32\sizulase.dll
c:\windows\system32\sumavabu.dll
c:\windows\system32\tojihiji.dll
c:\windows\system32\vhezvb.dll
c:\windows\system32\wuleluzu.dll
c:\windows\system32\wutezefi.dll
c:\windows\system32\wuyedifu.dll
c:\windows\system32\xbtpji.dll
c:\windows\system32\xoaluz.dll
c:\windows\system32\ycgfaa.dll
c:\windows\system32\yidoregu.dll.tmp
c:\windows\system32\yzavjf.dll
c:\windows\system32\zayitigi.dll
c:\windows\system32\zevopawe.dll
c:\windows\system32\zowohuku.dll
c:\windows\system32\zowohuku.dll.tmp
c:\windows\system32\zumidiba.dll
c:\windows\Tasks\jsfbfqow.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-13 19:25 . 2009-02-13 19:25 250 --a------ c:\windows\gmer.ini
2009-02-13 19:14 . 2009-02-13 19:14 <DIR> d-------- C:\rsit
2009-02-13 17:24 . 2009-02-14 02:02 7,945,760 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-13 17:24 . 2009-02-14 02:03 557,088 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-13 17:24 . 2009-02-14 02:02 65,252 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-13 17:24 . 2009-02-14 02:03 4,032 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-13 16:17 . 2009-02-13 16:17 <DIR> d-------- c:\documents and settings\Family\Application Data\Malwarebytes
2009-02-13 16:16 . 2009-02-13 16:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 16:16 . 2009-02-13 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 16:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 16:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 18:23 . 2009-02-12 18:23 <DIR> d-------- c:\documents and settings\Family\Application Data\TrojanHunter
2009-02-12 16:45 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
2009-02-10 20:37 . 2009-02-10 20:37 2,713 ---hs---- c:\windows\system32\musesiwo.dll
2009-02-09 18:13 . 2009-02-09 18:13 2,713 ---hs---- c:\windows\system32\gafilumu.dll
2009-02-08 09:25 . 2009-02-08 09:25 2,713 ---hs---- c:\windows\system32\wasefotu.dll
2009-01-31 21:17 . 2009-01-31 21:17 2,713 ---hs---- c:\windows\system32\pifotamo.dll
2009-01-31 09:17 . 2009-01-31 09:17 2,713 ---hs---- c:\windows\system32\zibipudo.dll
2009-01-31 09:17 . 2009-01-31 09:17 0 --a------ c:\windows\system32\ukanedep.tmp
2009-01-28 20:14 . 2009-01-28 20:14 2,713 ---hs---- c:\windows\system32\yegawogo.dll
2009-01-27 21:05 . 2009-01-27 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-26 22:27 . 2009-02-03 10:09 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-01-26 22:27 . 2009-02-03 10:09 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-01-26 22:26 . 2009-01-26 22:26 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-26 22:26 . 2009-02-14 02:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-26 21:25 . 2009-01-26 21:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-21 18:56 . 2009-01-22 18:56 86 --a------ c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 15:00 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-01-29 08:06 --------- d-----w c:\documents and settings\Family\Application Data\LimeWire
2009-01-28 05:44 --------- d-----w c:\program files\Java
2009-01-28 05:41 --------- d-----w c:\program files\InterActual
2009-01-28 05:06 --------- d-----w c:\program files\QuickTime
2009-01-27 05:02 --------- d-----w c:\program files\ASUS
2009-01-27 05:00 47,360 ----a-w c:\documents and settings\Family\Application Data\pcouffin.sys
2009-01-27 05:00 --------- d-----w c:\program files\VSO
2009-01-27 05:00 --------- d-----w c:\documents and settings\Family\Application Data\Vso
2009-01-27 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-26 03:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-10 01:20 --------- d-----w c:\documents and settings\Family\Application Data\Winamp
2009-01-05 00:54 --------- d--h--w c:\program files\Zero G Registry
2009-01-03 03:24 --------- d-----w c:\program files\DK Interactive Learning
2008-12-30 07:43 --------- d-----w c:\documents and settings\Family\Application Data\Ahead
2008-12-25 23:01 --------- d-----w c:\documents and settings\Family\Application Data\Microsoft Games
2008-12-25 22:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Games
2008-12-25 22:23 --------- d-----w c:\program files\Microsoft Games
2008-12-25 17:51 --------- d-----w c:\program files\MumboJumbo
2008-12-25 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2008-12-22 03:43 --------- d-----w c:\program files\Common Files\Research In Motion
2008-12-22 03:38 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-12-22 03:37 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-22 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-12-21 23:49 --------- d-----w c:\documents and settings\Family\Application Data\Apple Computer
2008-12-21 23:47 --------- d-----w c:\program files\Apple Software Update
2008-12-21 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-21 17:35 56 ------r C:\RAYMAN.BAT
2008-12-15 17:48 --------- d-----w c:\program files\Overland
2008-08-30 01:02 256 ----a-w c:\documents and settings\Family\pool.bin
2008-07-11 00:12 0 ----a-w c:\documents and settings\Family\jagex_runescape_preferences.dat
1601-01-01 00:12 95,232 --sha-w c:\windows\system32\jubetufa.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="e:\all programs installed\ADOBE ACROBAT 8\Acrobat\Acrotray.exe" [2008-01-11 623992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"Zune Launcher"="e:\all programs installed\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-04 206088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-22 09:28 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\ALL PROGRAMS INSTALLED\\OFFICE 2007\\Office12\\OUTLOOK.EXE"=
"e:\\ALL PROGRAMS INSTALLED\\OFFICE 2007\\Office12\\GROOVE.EXE"=
"e:\\ALL PROGRAMS INSTALLED\\OFFICE 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"e:\\ALL PROGRAMS INSTALLED\\CREATIVE SUITE 3\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\ZuneBusEnum.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\drivers\USB100M.SYS [2008-03-13 27519]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c5ee8a-f180-11dc-9947-0013d4f0eceb}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1409082233-839522115-1003.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-16 22:46]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C568B2DE-6B81-4992-AC24-AD8740FEB0D8} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-yayvWpom - yayvWpom.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uInternet Settings,ProxyOverride = *.local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Append to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\allpro~1\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\q2e42d22.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: e:\all programs installed\ADOBE ACROBAT 8\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 02:03:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\ZuneBusEnum.exe
e:\all programs installed\Zune\ZuneNss.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-14 2:11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-14 10:11:13

Pre-Run: 23,103,361,024 bytes free
Post-Run: 24,213,925,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

320 --- E O F --- 2008-12-18 11:00:54

#9 white russian
  • Topic Starter
  • Members
  • 10 posts

Posted 14 February 2009 - 05:20 AM

Fresh HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:28 AM, on 2/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\ALL PROGRAMS INSTALLED\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\ALL PROGRAMS INSTALLED\CREATIVE SUITE 3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "e:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\ALLPRO~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ALLPRO~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ALLPRO~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ALLPRO~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205470030218
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - E:\ALL PROGRAMS INSTALLED\power translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\ALL PROGRAMS INSTALLED\NERO 7.5\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 11216 bytes

#10 fenzodahl512
  • Members
  • 6,738 posts

Posted 14 February 2009 - 07:03 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\musesiwo.dll
c:\windows\system32\gafilumu.dll
c:\windows\system32\wasefotu.dll
c:\windows\system32\pifotamo.dll
c:\windows\system32\zibipudo.dll
c:\windows\system32\ukanedep.tmp
c:\windows\system32\yegawogo.dll
c:\windows\system32\jubetufa.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c5ee8a-f180-11dc-9947-0013d4f0eceb}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
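As an added defender's triage aid (not code from this thread, from ComboFix or from HijackThis), the following Python script reads log lines in the format posted above and flags the entries a helper looks for first: Security Center override values, the Windows firewall being off, a MountPoints2 AutoRun command (worse when it points into a `recycled` folder), a Winlogon Notify entry whose DLL has a random-looking eight-letter name (the pattern of the files listed in the CFScript above), and orphaned `(file missing)` / `(no file)` entries. The sample log is constructed from lines modelled on this thread; the rule names, severities and the eight-letter heuristic are my own assumptions, not anything the tools emit.

```python
"""Triage helper for ComboFix / HijackThis style logs.

Added example for this thread; it is not code from the thread, from
ComboFix or from HijackThis.  Rule names, severities and the random-DLL
heuristic are the author's own assumptions.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str      # short rule name (assumed naming, not a tool's output)
    line: str      # the log line that triggered the rule


SECTION_RE = re.compile(r"^\[(.+)\]$")                # [HKEY_...] header
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')  # "Name"=value
# Eight-letter alphabetic DLL names: heuristic for the random names seen in
# the CFScript above (musesiwo.dll, gafilumu.dll, ...). Legitimate DLLs can
# match too, so it is only applied to Winlogon Notify entries.
RANDOM_DLL_RE = re.compile(r"\b[A-Za-z]{8}\.dll\b")
# Security Center values that hide AV/firewall/update warnings when non-zero.
SUPPRESSION_VALUES = {
    "antivirusoverride", "firewalloverride", "updatesdisablenotify",
    "antivirusdisablenotify", "firewalldisablenotify", "disablemonitoring",
}


def _is_nonzero(raw_value: str) -> bool:
    """Interpret 'dword:00000001' or '0 (0x0)' style values."""
    raw_value = raw_value.strip().lower()
    if raw_value.startswith("dword:"):
        return int(raw_value[len("dword:"):], 16) != 0
    m = re.match(r"(\d+)", raw_value)
    return bool(m) and int(m.group(1)) != 0


def triage(log_text: str) -> list:
    """Return a list of Finding objects for the suspicious lines in log_text."""
    findings = []
    current_key = ""  # lower-cased registry key of the section being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current_key = ""  # ComboFix separates registry sections with blank lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        lower = line.lower()
        m = REG_VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2)
            if "security center" in current_key and name in SUPPRESSION_VALUES and _is_nonzero(value):
                findings.append(Finding("medium", "security-center-suppressed", line))
            elif "firewallpolicy" in current_key and name == "enablefirewall" and not _is_nonzero(value):
                findings.append(Finding("medium", "windows-firewall-disabled", line))
            continue
        if "mountpoints2" in current_key and "autorun" in lower:
            # AutoRun command attached to a drive letter; one that launches
            # something from a 'recycled' folder is the removable-media worm pattern.
            severity = "high" if "recycled" in lower else "medium"
            findings.append(Finding(severity, "mountpoints2-autorun", line))
            continue
        if lower.startswith("notify-") or "winlogon\\notify" in current_key:
            if RANDOM_DLL_RE.search(line):
                findings.append(Finding("high", "winlogon-notify-random-dll", line))
            continue
        if "(file missing)" in lower or "(no file)" in lower:
            findings.append(Finding("low", "orphaned-entry", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per rule name."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample, modelled on lines posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c5ee8a-f180-11dc-9947-0013d4f0eceb}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

Notify-yayvWpom - yayvWpom.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:28} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the two Security Center values and the firewall value are reported as medium, the AutoRun command and the Notify entry as high, and the missing Roxio service as low; the Kaspersky Run entry, the authorized-application list and the legitimate Logitech Notify DLL produce nothing. The heuristics are deliberately narrow so that a clean log stays quiet; they are a reading aid for logs like the ones in this thread, not a replacement for the helper's judgement.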


#11 white russian
  • Topic Starter
  • Members
  • 10 posts

Posted 14 February 2009 - 02:06 PM

Here is the Combofix log after running the script:



ComboFix 09-02-12.03 - Family 2009-02-14 10:48:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.2014 [GMT -8:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Family\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\gafilumu.dll
c:\windows\system32\jubetufa.dll
c:\windows\system32\musesiwo.dll
c:\windows\system32\pifotamo.dll
c:\windows\system32\ukanedep.tmp
c:\windows\system32\wasefotu.dll
c:\windows\system32\yegawogo.dll
c:\windows\system32\zibipudo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gafilumu.dll
c:\windows\system32\jubetufa.dll
c:\windows\system32\musesiwo.dll
c:\windows\system32\pifotamo.dll
c:\windows\system32\ukanedep.tmp
c:\windows\system32\wasefotu.dll
c:\windows\system32\yegawogo.dll
c:\windows\system32\zibipudo.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-13 19:25 . 2009-02-13 19:25 250 --a------ c:\windows\gmer.ini
2009-02-13 19:14 . 2009-02-13 19:14 <DIR> d-------- C:\rsit
2009-02-13 17:24 . 2009-02-14 10:54 7,945,760 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-13 17:24 . 2009-02-14 10:54 573,472 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-13 17:24 . 2009-02-14 10:54 65,252 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-13 17:24 . 2009-02-14 10:54 4,088 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-13 16:17 . 2009-02-13 16:17 <DIR> d-------- c:\documents and settings\Family\Application Data\Malwarebytes
2009-02-13 16:16 . 2009-02-13 16:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 16:16 . 2009-02-13 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 16:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 16:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 18:23 . 2009-02-12 18:23 <DIR> d-------- c:\documents and settings\Family\Application Data\TrojanHunter
2009-02-12 16:45 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
2009-01-27 21:05 . 2009-01-27 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-26 22:27 . 2009-02-03 10:09 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-01-26 22:27 . 2009-02-03 10:09 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-01-26 22:26 . 2009-01-26 22:26 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-26 22:26 . 2009-02-14 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-26 21:25 . 2009-01-26 21:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-21 18:56 . 2009-01-22 18:56 86 --a------ c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 15:00 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-01-29 08:06 --------- d-----w c:\documents and settings\Family\Application Data\LimeWire
2009-01-28 05:44 --------- d-----w c:\program files\Java
2009-01-28 05:41 --------- d-----w c:\program files\InterActual
2009-01-28 05:06 --------- d-----w c:\program files\QuickTime
2009-01-27 05:02 --------- d-----w c:\program files\ASUS
2009-01-27 05:00 47,360 ----a-w c:\documents and settings\Family\Application Data\pcouffin.sys
2009-01-27 05:00 --------- d-----w c:\program files\VSO
2009-01-27 05:00 --------- d-----w c:\documents and settings\Family\Application Data\Vso
2009-01-27 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-26 03:25 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-10 01:20 --------- d-----w c:\documents and settings\Family\Application Data\Winamp
2009-01-05 00:54 --------- d--h--w c:\program files\Zero G Registry
2009-01-03 03:24 --------- d-----w c:\program files\DK Interactive Learning
2008-12-30 07:43 --------- d-----w c:\documents and settings\Family\Application Data\Ahead
2008-12-25 23:01 --------- d-----w c:\documents and settings\Family\Application Data\Microsoft Games
2008-12-25 22:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Games
2008-12-25 22:23 --------- d-----w c:\program files\Microsoft Games
2008-12-25 17:51 --------- d-----w c:\program files\MumboJumbo
2008-12-25 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2008-12-22 03:43 --------- d-----w c:\program files\Common Files\Research In Motion
2008-12-22 03:38 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-12-22 03:37 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-22 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-12-21 23:49 --------- d-----w c:\documents and settings\Family\Application Data\Apple Computer
2008-12-21 23:47 --------- d-----w c:\program files\Apple Software Update
2008-12-21 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-21 17:35 56 ------r C:\RAYMAN.BAT
2008-12-15 17:48 --------- d-----w c:\program files\Overland
2008-08-30 01:02 256 ----a-w c:\documents and settings\Family\pool.bin
2008-07-11 00:12 0 ----a-w c:\documents and settings\Family\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-14_ 2.09.58.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-06 18:54:51 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-14 18:55:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-06 18:54:51 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-14 18:55:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-06 18:54:51 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-14 18:55:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-14 18:55:25 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="e:\all programs installed\ADOBE ACROBAT 8\Acrobat\Acrotray.exe" [2008-01-11 623992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"Zune Launcher"="e:\all programs installed\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-04 206088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-22 09:28 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\ALL PROGRAMS INSTALLED\\OFFICE 2007\\Office12\\OUTLOOK.EXE"=
"e:\\ALL PROGRAMS INSTALLED\\OFFICE 2007\\Office12\\GROOVE.EXE"=
"e:\\ALL PROGRAMS INSTALLED\\OFFICE 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"e:\\ALL PROGRAMS INSTALLED\\CREATIVE SUITE 3\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\ZuneBusEnum.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\drivers\USB100M.SYS [2008-03-13 27519]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1409082233-839522115-1003.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-16 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uInternet Settings,ProxyOverride = *.local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Append to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\all programs installed\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\allpro~1\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\q2e42d22.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: e:\all programs installed\ADOBE ACROBAT 8\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 10:56:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\ZuneBusEnum.exe
e:\all programs installed\Zune\ZuneNss.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-02-14 11:03:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-14 19:02:57
ComboFix2.txt 2009-02-14 10:11:18

Pre-Run: 24,159,752,192 bytes free
Post-Run: 24,179,343,360 bytes free

226 --- E O F --- 2008-12-18 11:00:54


Here is the new HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:39 AM, on 2/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\ALL PROGRAMS INSTALLED\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\ALL PROGRAMS INSTALLED\snag it 7.0\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\ALL PROGRAMS INSTALLED\CREATIVE SUITE 3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "e:\ALL PROGRAMS INSTALLED\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\ALL PROGRAMS INSTALLED\ADOBE ACROBAT 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\ALLPRO~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ALLPRO~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ALLPRO~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ALLPRO~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205470030218
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ALL PROGRAMS INSTALLED\OFFICE 2007\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - E:\ALL PROGRAMS INSTALLED\power translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\ALL PROGRAMS INSTALLED\NERO 7.5\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 11217 bytes

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 14 February 2009 - 02:41 PM

Hello.. Do you know anything about the file below? If not, just find and delete it manually..

C:\RAYMAN.BAT



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 white russian

white russian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:29 AM

Posted 14 February 2009 - 11:01 PM

The computer is running much much better now. I have not had any popups and the speed has improved dramatically. The rayman.bat file was from a game that is no longer in use, so I deleted the file.

Thank you so very much - I was ready to just wipe out the whole system, but I did not want to resort to that.

Here is the log from EsetOnlineScanner:



# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3853 (20090214)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=992929914a8e384d8a3bf9c4178373b6
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-15 03:55:42
# local_time=2009-02-14 07:55:42 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=576226
# found=4
# scan_time=4406
C:\Qoobox\Quarantine\C\WINDOWS\system32\fevubitu.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\guwakeba.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\lozugava.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\yidoregu.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 15 February 2009 - 12:15 AM

Looks good to me.. Let's do some cleanup...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed




Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#15 white russian

white russian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:29 AM

Posted 15 February 2009 - 04:34 PM

Computer is running very well now - thank you for your time and help...

:thumbup2:



