
Massive Popups, other things too.


8 replies to this topic

#1 coyn3burglar

coyn3burglar

  • Members
  • 33 posts

Posted 18 February 2009 - 11:42 PM

I am experiencing a lot of popups when a browser is opened and I am unable to update my virus programs including AV8 and Spybot. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:30 PM, on 2/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: {8173538e-72c8-7169-1e04-45c13938431b} - {b1348393-1c54-40e1-9617-8c27e8353718} - C:\WINDOWS\system32\jgmxfz.dll
O2 - BHO: (no name) - {ba4ebfea-3664-4072-8b70-c2d20663ef12} - C:\WINDOWS\system32\yanagata.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [f8496e73] rundll32.exe "C:\WINDOWS\system32\paforugi.dll",b
O4 - HKLM\..\Run: [CPMfb7a5def] Rundll32.exe "c:\windows\system32\yuzohiku.dll",a
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA784] command /c del "c:\windows\system32\jubateya.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8621] cmd /c del "c:\windows\system32\jubateya.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6305] command /c del "C:\WINDOWS\system32\netojeke.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2007] cmd /c del "C:\WINDOWS\system32\netojeke.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198356628938
O16 - DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} (ZemiDetectHardware Control) - http://www.4story.com/Active_X/ZemiDetectHardware.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll avgrsstx.dll C:\WINDOWS\system32\huheliva.dll c:\windows\system32\hivofupi.dll jgmxfz.dll c:\windows\system32\yuzohiku.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yuzohiku.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yuzohiku.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9077 bytes

Thanks for the help!


 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 19 February 2009 - 04:25 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 coyn3burglar

coyn3burglar
  • Topic Starter

  • Members
  • 33 posts

Posted 20 February 2009 - 07:42 PM

MALWAREBYTES LOG:


Malwarebytes' Anti-Malware 1.34
Database version: 1782
Windows 5.1.2600 Service Pack 3

2/20/2009 7:14:56 PM
mbam-log-2009-02-20 (19-14-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 172220
Time elapsed: 1 hour(s), 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 13
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 48

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\huheliva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gizisuyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dowosiki.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yanagata.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\vamibedi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kgtcih.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1bfb3f0-927b-441b-9fb5-5384ba0f369f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1bfb3f0-927b-441b-9fb5-5384ba0f369f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba4ebfea-3664-4072-8b70-c2d20663ef12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba4ebfea-3664-4072-8b70-c2d20663ef12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba4ebfea-3664-4072-8b70-c2d20663ef12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f1bfb3f0-927b-441b-9fb5-5384ba0f369f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8496e73 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vivohikafe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmfb7a5def (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\huheliva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\huheliva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\huheliva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vamibedi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vamibedi.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kgtcih.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gizisuyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oyusizig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vonowiya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ayiwonov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dowosiki.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\vamibedi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yanagata.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\huheliva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP141\A0068575.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP141\A0068577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP142\A0068671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP142\A0068673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\paforugi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjstou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gojidisi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kerojade.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mafolibu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\negimeka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\petokulu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlmjGX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rutijeri.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sagenumi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dusayamo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erlcjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hobolaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmsdrcpw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\momozise.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mqykpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrccgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmpsxr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgmxfz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\huwiyuke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buraboto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wunufuzo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fojawuka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vevesadi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yopalimi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yozbpf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuzohiku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zoloyiru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ponlbc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iilegm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tumohopu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuviloko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BD2IS2WB\pldr8[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyVnoLc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.


RSIT Log.text:


Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-02-20 19:19:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 94 GB (63%) free of 150 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:35 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198356628938
O16 - DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} (ZemiDetectHardware Control) - http://www.4story.com/Active_X/ZemiDetectHardware.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll avgrsstx.dll c:\windows\system32\hivofupi.dll kgtcih.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7927 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-02-17 1797880]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-29 1261336]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-15 13570048]
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-02-17 1797880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Aim6"= []
"Steam"=c:\program files\steam\steam.exe [2009-01-08 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll avgrsstx.dll c:\windows\system32\hivofupi.dll kgtcih.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2002-07-30 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnkllLE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\steamapps\koreathebest\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\koreathebest\half-life\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\koreathebest\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\koreathebest\half-life blue shift\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Diablo II\Diablo II.exe"="C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-02-20 19:19:20 ----D---- C:\rsit
2009-02-20 18:09:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-14 15:32:58 ----A---- C:\WINDOWS\system32\opnkllLE.dll.vir
2009-02-12 16:45:29 ----A---- C:\FragHYPE Updater.exe
2009-02-12 16:45:15 ----A---- C:\FragHYPE Client.exe
2009-02-12 16:27:36 ----D---- C:\Config.Msi
2009-02-07 14:13:23 ----D---- C:\Program Files\Fraps
2009-02-07 14:10:25 ----D---- C:\Program Files\HELP
2009-01-14 17:16:01 ----A---- C:\Program Files\FragHYPE Updater.exe
2009-01-14 17:15:48 ----A---- C:\Program Files\FragHYPE Client.exe
2009-01-11 23:19:52 ----D---- C:\Program Files\mIRC
2009-01-11 23:19:52 ----D---- C:\Documents and Settings\User\Application Data\mIRC
2009-01-08 18:49:16 ----D---- C:\Program Files\Steam
2009-01-03 08:21:46 ----A---- C:\Program Files\changes.txt
2008-12-31 22:34:09 ----D---- C:\Program Files\Ventrilo
2008-12-31 22:33:58 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-19 00:13:52 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-12-19 00:13:29 ----D---- C:\Program Files\WorldOfGooDemo
2008-12-15 15:41:51 ----D---- C:\CrashReport
2008-12-14 17:46:47 ----D---- C:\Program Files\Pando Networks
2008-12-13 22:10:24 ----D---- C:\Program Files\GameSpy Arcade
2008-12-13 22:10:14 ----D---- C:\Program Files\MSXML 4.0
2008-12-12 16:29:13 ----D---- C:\Documents and Settings\User\Application Data\NPLUTO Corporation
2008-11-30 13:59:45 ----D---- C:\Documents and Settings\User\Application Data\fizzy
2008-11-30 13:59:37 ----SHD---- C:\WINDOWS\ftpcache
2008-11-30 00:39:22 ----D---- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-11-23 21:53:28 ----A---- C:\WINDOWS\clientshell.INI
2008-11-22 22:51:21 ----A---- C:\Program Files\Setup.ini

======List of files/folders modified in the last 3 months======

2009-02-20 19:19:35 ----D---- C:\WINDOWS\temp
2009-02-20 19:19:10 ----D---- C:\WINDOWS\Prefetch
2009-02-20 19:17:59 ----D---- C:\Program Files\Mozilla Firefox
2009-02-20 19:17:24 ----D---- C:\WINDOWS
2009-02-20 19:16:08 ----D---- C:\WINDOWS\system32
2009-02-20 19:16:07 ----D---- C:\WINDOWS\system32\drivers
2009-02-20 19:15:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-20 19:15:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-20 19:14:55 ----RD---- C:\Program Files
2009-02-20 16:17:26 ----HD---- C:\$AVG8.VAULT$
2009-02-20 15:44:00 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-19 23:43:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-19 15:48:40 ----A---- C:\WINDOWS\wininit.ini
2009-02-19 11:19:24 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-17 19:51:51 ----A---- C:\WINDOWS\system32\guard32.dll
2009-02-17 19:49:14 ----D---- C:\WINDOWS\Debug
2009-02-17 18:27:59 ----SD---- C:\WINDOWS\Tasks
2009-02-16 12:55:57 ----D---- C:\WINDOWS\Registration
2009-02-14 15:36:38 ----A---- C:\WINDOWS\system32\f36aaa0d-.txt
2009-02-12 17:06:54 ----SHD---- C:\WINDOWS\Installer
2009-02-12 17:05:47 ----HD---- C:\WINDOWS\inf
2009-02-12 17:05:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-12 17:05:08 ----D---- C:\Program Files\Internet Explorer
2009-02-12 17:03:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-12 16:32:08 ----D---- C:\WINDOWS\system32\config
2009-02-12 16:31:36 ----D---- C:\WINDOWS\system32\wbem
2009-02-12 00:02:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-12 00:01:31 ----D---- C:\WINDOWS\ie7updates
2009-02-07 14:31:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-05 15:45:32 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 19:16:08 ----D---- C:\Program Files\Winamp
2009-01-15 19:15:40 ----D---- C:\Documents and Settings\User\Application Data\Winamp
2009-01-13 19:07:21 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-01-03 23:11:40 ----D---- C:\Documents and Settings\User\Application Data\Ventrilo
2008-12-31 22:33:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-20 18:15:41 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-20 18:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-20 18:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-20 18:15:39 ----A---- C:\WINDOWS\system32\url.dll
2008-12-20 18:15:38 ----N---- C:\WINDOWS\system32\occache.dll
2008-12-20 18:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-20 18:15:32 ----N---- C:\WINDOWS\system32\mstime.dll
2008-12-20 18:15:31 ----N---- C:\WINDOWS\system32\msrating.dll
2008-12-20 18:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-20 18:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-20 18:15:23 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-12-20 18:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-20 18:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-20 18:15:21 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-12-20 18:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-20 18:15:16 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-20 18:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 18:15:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-12-20 18:15:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-12-20 18:15:13 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-12-20 18:15:13 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-20 18:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-20 18:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-20 18:15:11 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-19 04:10:15 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 04:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 00:23:56 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-12-14 16:25:58 ----HD---- C:\Documents and Settings\User\Application Data\ijjigame
2008-12-14 16:20:36 ----D---- C:\WINDOWS\WinSxS
2008-12-13 21:15:05 ----D---- C:\Program Files\Diablo II
2008-12-10 22:13:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 22:10:16 ----D---- C:\Documents and Settings\User\Application Data\BitTorrent
2008-12-10 17:05:36 ----A---- C:\WINDOWS\win.ini
2008-11-30 00:40:20 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-29 23:32:42 ----D---- C:\WINDOWS\system32\DirectX
2008-11-29 23:32:16 ----RSD---- C:\WINDOWS\assembly
2008-11-22 00:26:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-30 26824]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-02-17 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-02-17 31504]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-15 6121504]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 aiqdhz5s;aiqdhz5s; C:\WINDOWS\system32\drivers\aiqdhz5s.sys []
S3 ar5hslk1;ar5hslk1; C:\WINDOWS\system32\drivers\ar5hslk1.sys []
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-20 21376]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 NAVAP;NAVAP; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080912.002\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080912.002\NAVEX15.sys []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva064;XDva064; \??\C:\WINDOWS\system32\XDva064.sys []
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []
S3 XDva132;XDva132; \??\C:\WINDOWS\system32\XDva132.sys []
S3 XDva143;XDva143; \??\C:\WINDOWS\system32\XDva143.sys []
S3 XDva177;XDva177; \??\C:\WINDOWS\system32\XDva177.sys []
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-11 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-02-17 618232]
R2 DefWatch;DefWatch; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [2002-07-30 32768]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-15 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-09 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [2002-07-30 573440]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

RSIT info.txt:




info.txt logfile of random's system information tool 1.05 2009-02-20 19:19:38

======Uninstall list======

-->MsiExec /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
CA eTrust PestPatrol-->MsiExec.exe /X{39586F4F-758D-4A92-A5DF-33E9DB9C09D9}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Install(US)2-->C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 1.7 (Symantec Corporation)-->C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.08.18-->MsiExec.exe /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarCraft-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft\Uninstall.exe
StealthBot v2.6 Revision 3 (remove only)-->"C:\Program Files\StealthBot\uninst.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TuneXP 1.5-->C:\WINDOWS\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O20 - Winlogon Notify: fccywuTN - C:\WINDOWS\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

======Security center information======

AV: AVG Anti-Virus Free (outdated)
FW: COMODO Firewall

System event log

Computer Name: USER-605848CA00
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 18929
Source Name: Service Control Manager
Time Written: 20081222233639.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: USER-605848CA00
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 18928
Source Name: Service Control Manager
Time Written: 20081222231756.000000-300
Event Type: information
User:

Computer Name: USER-605848CA00
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 18927
Source Name: Service Control Manager
Time Written: 20081222231750.000000-300
Event Type: information
User:

Computer Name: USER-605848CA00
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 18926
Source Name: Service Control Manager
Time Written: 20081222231750.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: USER-605848CA00
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 18925
Source Name: Service Control Manager
Time Written: 20081222231704.000000-300
Event Type: information
User:

Application event log

Computer Name: USER-605848CA00
Event Code: 1000
Message: Faulting application Rtvscan.exe, version 8.0.0.9374, faulting module unknown, version 0.0.0.0, fault address 0x0012e482.

Record Number: 3921
Source Name: Application Error
Time Written: 20081005111103.000000-240
Event Type: error
User:

Computer Name: USER-605848CA00
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 3920
Source Name: SecurityCenter
Time Written: 20081005111035.000000-240
Event Type: information
User:

Computer Name: USER-605848CA00
Event Code: 14
Message:


Licence Data is invalid.
Real-Time scanning for viruses has been deactivated.

Record Number: 3919
Source Name: Norton AntiVirus
Time Written: 20081005111021.000000-240
Event Type: information
User:

Computer Name: USER-605848CA00
Event Code: 0
Message:
Record Number: 3918
Source Name: gusvc
Time Written: 20081005111017.000000-240
Event Type: information
User:

Computer Name: USER-605848CA00
Event Code: 1
Message:
Record Number: 3917
Source Name: Bonjour Service
Time Written: 20081005111017.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

gmer.txt file is attached. Thanks for the help!

Attached Files

  • Attached File  gmer.log   109.85KB   2 downloads


#4 coyn3burglar


Posted 20 February 2009 - 07:43 PM

I'm sorry, I think all the posts somehow combined..

#5 fenzodahl512


Posted 21 February 2009 - 12:44 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'NETWORK SERVICE')


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\dowosiki.dll
    c:\windows\system32\hivofupi.dll
    c:\windows\system32\kgtcih.dll 
    C:\WINDOWS\system32\opnkllLE.dll.vir
    C:\WINDOWS\system32\f36aaa0d-.txt
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
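
Added example, not part of the post above or of any tool it names: a Python sketch that parses HijackThis O4 lines, marks Run values that sit in a service-account hive and load a DLL through rundll32 (the shape of the two entries selected above), and decodes the hex(7) data in the :reg section to show what the script writes. The two-flag heuristic, the function names and the UTF-16 detection are assumptions made for this example; the sample lines are copied from this thread.

```python
import re

# Sample input copied from this thread: the first two lines are the entries the
# post asks to fix, the last two are ordinary entries from the later HijackThis log.
HIJACKTHIS_LINES = [
    r"""O4 - HKUS\S-1-5-19\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'LOCAL SERVICE')""",
    r"""O4 - HKUS\S-1-5-20\..\Run: [vivohikafe] Rundll32.exe "C:\WINDOWS\system32\dowosiki.dll",s (User 'NETWORK SERVICE')""",
    r"""O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup""",
    r"""O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe""",
]

# The :reg section of the OTMoveIt3 script in the post, copied verbatim.
REG_SECTION = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)


def parse_o4(line):
    """Split one HijackThis O4 (Run key) line into hive, value name and command."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    rd = RUNDLL_RE.match(entry["cmd"])
    entry["dll"] = rd.group("dll") if rd else None
    entry["export"] = rd.group("export") if rd else None
    return entry


def review_reasons(entry):
    """Heuristics assumed for this example; either one alone is common and benign."""
    reasons = []
    if entry["hive"].split("\\")[-1] in SERVICE_SIDS:
        reasons.append("autorun in a service-account hive")
    if entry["dll"]:
        reasons.append("DLL loaded through rundll32")
    return reasons


def entries_to_review(lines):
    """Return the parsed O4 entries that match both heuristics."""
    parsed = (parse_o4(line) for line in lines)
    return [e for e in parsed if e and len(review_reasons(e)) == 2]


def decode_multi_sz(hex_csv):
    """Decode REG_MULTI_SZ data written as hex(7) into a list of strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(","))
    # Version 5 .reg exports store UTF-16LE; the post uses one byte per character.
    utf16 = len(raw) > 0 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le" if utf16 else "latin-1")
    return [s for s in text.split("\x00") if s]


def parse_reg_section(text):
    """Map (key, value name) to the data a :reg section would write."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif line.startswith('"') and key:
            name, _, data = line.partition("=")
            name = name.strip('"')
            if data.startswith("hex(7):"):
                values[(key, name)] = decode_multi_sz(data[len("hex(7):"):])
            else:
                values[(key, name)] = data.strip('"')
    return values


def fix_restores_defaults(values):
    """True when the section empties AppInit_DLLs and leaves only msv1_0 in LSA."""
    return (values.get((WINDOWS_KEY, "AppInit_DLLS")) == ""
            and values.get((LSA_KEY, "Authentication Packages")) == ["msv1_0"])


if __name__ == "__main__":
    for e in entries_to_review(HIJACKTHIS_LINES):
        print(f"review: {e['hive']} [{e['name']}] -> {e['dll']}")
    for (key, name), value in parse_reg_section(REG_SECTION).items():
        print(f"{key}\\{name} = {value!r}")
```

The decoded value, msv1_0, is the Windows default LSA authentication package, so the :reg section resets both values to their defaults rather than adding anything.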


#6 coyn3burglar


Posted 22 February 2009 - 05:05 PM

OTMOVEIT LOG:


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\dowosiki.dll not found.
File/Folder c:\windows\system32\hivofupi.dll not found.
File/Folder c:\windows\system32\kgtcih.dll not found.
C:\WINDOWS\system32\opnkllLE.dll.vir moved successfully.
C:\WINDOWS\system32\f36aaa0d-.txt moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_EBTDefEh9WajUHm9r1jB scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\Perflib_Perfdata_f20.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02222009_165732

Files moved on Reboot...
File C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_EBTDefEh9WajUHm9r1jB not found!
File C:\DOCUME~1\User\LOCALS~1\Temp\Perflib_Perfdata_f20.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\6d36xtix.default\XUL.mfl moved successfully.


RSIT LOG: Thanks for everything!


Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-02-22 17:04:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 94 GB (63%) free of 150 GB
Total RAM: 1022 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:28 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198356628938
O16 - DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} (ZemiDetectHardware Control) - http://www.4story.com/Active_X/ZemiDetectHardware.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7140 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-02-17 1797880]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-29 1261336]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-15 13570048]
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-02-17 1797880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Aim6"= []
"Steam"=c:\program files\steam\steam.exe [2009-01-08 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2002-07-30 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\steamapps\koreathebest\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\koreathebest\half-life\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\koreathebest\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\koreathebest\half-life blue shift\hl.exe"="C:\Program Files\Steam\steamapps\koreathebest\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Diablo II\Diablo II.exe"="C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-02-22 16:57:32 ----D---- C:\_OTMoveIt
2009-02-20 19:20:41 ----A---- C:\WINDOWS\gmer.ini
2009-02-20 19:20:40 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-20 19:20:40 ----A---- C:\WINDOWS\gmer.exe
2009-02-20 19:20:40 ----A---- C:\WINDOWS\gmer.dll
2009-02-20 19:19:20 ----D---- C:\rsit
2009-02-20 18:09:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-12 16:45:29 ----A---- C:\FragHYPE Updater.exe
2009-02-12 16:45:15 ----A---- C:\FragHYPE Client.exe
2009-02-12 16:27:36 ----D---- C:\Config.Msi
2009-02-07 14:13:23 ----D---- C:\Program Files\Fraps
2009-02-07 14:10:25 ----D---- C:\Program Files\HELP
2009-01-14 17:16:01 ----A---- C:\Program Files\FragHYPE Updater.exe
2009-01-14 17:15:48 ----A---- C:\Program Files\FragHYPE Client.exe
2009-01-11 23:19:52 ----D---- C:\Program Files\mIRC
2009-01-11 23:19:52 ----D---- C:\Documents and Settings\User\Application Data\mIRC
2009-01-08 18:49:16 ----D---- C:\Program Files\Steam
2009-01-03 08:21:46 ----A---- C:\Program Files\changes.txt
2008-12-31 22:34:09 ----D---- C:\Program Files\Ventrilo
2008-12-31 22:33:58 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-19 00:13:52 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-12-19 00:13:29 ----D---- C:\Program Files\WorldOfGooDemo
2008-12-15 15:41:51 ----D---- C:\CrashReport
2008-12-14 17:46:47 ----D---- C:\Program Files\Pando Networks
2008-12-13 22:10:24 ----D---- C:\Program Files\GameSpy Arcade
2008-12-13 22:10:14 ----D---- C:\Program Files\MSXML 4.0
2008-12-12 16:29:13 ----D---- C:\Documents and Settings\User\Application Data\NPLUTO Corporation
2008-11-30 13:59:45 ----D---- C:\Documents and Settings\User\Application Data\fizzy
2008-11-30 13:59:37 ----SHD---- C:\WINDOWS\ftpcache
2008-11-30 00:39:22 ----D---- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-11-23 21:53:28 ----A---- C:\WINDOWS\clientshell.INI

======List of files/folders modified in the last 3 months======

2009-02-22 17:04:28 ----D---- C:\WINDOWS\temp
2009-02-22 17:01:31 ----D---- C:\Program Files\Mozilla Firefox
2009-02-22 17:01:06 ----D---- C:\WINDOWS\Prefetch
2009-02-22 16:59:58 ----D---- C:\WINDOWS
2009-02-22 16:58:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 16:58:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-22 16:57:40 ----D---- C:\WINDOWS\system32
2009-02-22 16:54:01 ----SHD---- C:\WINDOWS\Installer
2009-02-22 16:54:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-22 16:53:55 ----D---- C:\WINDOWS\system32\drivers
2009-02-22 16:53:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-22 16:53:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-22 13:12:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-21 21:08:10 ----HD---- C:\WINDOWS\inf
2009-02-21 17:02:32 ----HD---- C:\$AVG8.VAULT$
2009-02-21 11:12:42 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-20 19:14:55 ----RD---- C:\Program Files
2009-02-20 15:44:00 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-19 15:48:40 ----A---- C:\WINDOWS\wininit.ini
2009-02-17 19:51:51 ----A---- C:\WINDOWS\system32\guard32.dll
2009-02-17 19:49:14 ----D---- C:\WINDOWS\Debug
2009-02-17 18:27:59 ----SD---- C:\WINDOWS\Tasks
2009-02-16 12:55:57 ----D---- C:\WINDOWS\Registration
2009-02-12 17:05:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-12 17:05:08 ----D---- C:\Program Files\Internet Explorer
2009-02-12 17:03:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-12 16:32:08 ----D---- C:\WINDOWS\system32\config
2009-02-12 16:31:36 ----D---- C:\WINDOWS\system32\wbem
2009-02-12 00:02:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-12 00:01:31 ----D---- C:\WINDOWS\ie7updates
2009-02-07 14:31:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-05 15:45:32 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 19:16:08 ----D---- C:\Program Files\Winamp
2009-01-15 19:15:40 ----D---- C:\Documents and Settings\User\Application Data\Winamp
2009-01-13 19:07:21 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-01-03 23:11:40 ----D---- C:\Documents and Settings\User\Application Data\Ventrilo
2008-12-20 18:15:41 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-20 18:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-20 18:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-20 18:15:39 ----A---- C:\WINDOWS\system32\url.dll
2008-12-20 18:15:38 ----N---- C:\WINDOWS\system32\occache.dll
2008-12-20 18:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-20 18:15:32 ----N---- C:\WINDOWS\system32\mstime.dll
2008-12-20 18:15:31 ----N---- C:\WINDOWS\system32\msrating.dll
2008-12-20 18:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-20 18:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-20 18:15:23 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-12-20 18:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-20 18:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-20 18:15:21 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-12-20 18:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-20 18:15:16 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-20 18:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 18:15:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-12-20 18:15:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-12-20 18:15:13 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-12-20 18:15:13 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-20 18:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-20 18:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-20 18:15:11 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-19 04:10:15 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 04:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 00:23:56 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-12-14 16:25:58 ----HD---- C:\Documents and Settings\User\Application Data\ijjigame
2008-12-14 16:20:36 ----D---- C:\WINDOWS\WinSxS
2008-12-13 21:15:05 ----D---- C:\Program Files\Diablo II
2008-12-10 22:13:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 22:10:16 ----D---- C:\Documents and Settings\User\Application Data\BitTorrent
2008-12-10 17:05:36 ----A---- C:\WINDOWS\win.ini
2008-11-30 00:40:20 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-29 23:32:42 ----D---- C:\WINDOWS\system32\DirectX
2008-11-29 23:32:16 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-30 26824]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-02-17 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-02-17 31504]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-15 6121504]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 an7kt2uc;an7kt2uc; C:\WINDOWS\system32\drivers\an7kt2uc.sys []
S3 az9jfq0v;az9jfq0v; C:\WINDOWS\system32\drivers\az9jfq0v.sys []
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-20 21376]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-20 85969]
S3 NAVAP;NAVAP; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080912.002\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080912.002\NAVEX15.sys []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva064;XDva064; \??\C:\WINDOWS\system32\XDva064.sys []
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []
S3 XDva132;XDva132; \??\C:\WINDOWS\system32\XDva132.sys []
S3 XDva143;XDva143; \??\C:\WINDOWS\system32\XDva143.sys []
S3 XDva177;XDva177; \??\C:\WINDOWS\system32\XDva177.sys []
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-02-17 618232]
R2 DefWatch;DefWatch; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [2002-07-30 32768]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-15 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-09 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [2002-07-30 573440]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#7 fenzodahl512


Posted 23 February 2009 - 09:46 AM

Note: BitDefender Online Scan can only be used with Internet Explorer..

Let's do an online scan with BitDefender Online Scanner
  • Click on I Agree
  • Please install the Add-ons if requested
  • Click on Start Scan
  • Let it update its virus definitions.. It will then automatically scan all your files and folders..
  • If infections are found, it will attempt to disinfect/delete the infection..
  • After the scan finishes, click on More Detail >>
  • Go to the Detected Problems tab and click on Click here to export the scan report
  • Save the report as result.html on your Desktop. Copy the whole content of result.html and paste it in Notepad
  • Save the result in Notepad and post the contents here in your next reply


How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 coyn3burglar


Posted 24 February 2009 - 11:23 PM

The computer's great!

Here are the results:


BitDefender Online Scanner

Scan report generated at: Mon, Feb 23, 2009 - 20:36:55
Scan path: C:\;D:\;E:\;F:\;

Statistics
Time: 01:35:55
Files: 284288
Folders: 7806
Boot Sectors: 0
Archives: 8882
Packed Files: 19748

Results
Identified Viruses: 10
Infected Files: 55
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 106

Engines Info
Virus Definitions: 2682521
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E340000.VBN


Deleted

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP138\A0067243.dll


Infected with: Gen:Trojan.Heur.564E44

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP138\A0067243.dll


Disinfection failed

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP138\A0067243.dll


Deleted

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP142\A0068737.dll


Infected with: Trojan.Vundo.GIB

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP142\A0068737.dll


Disinfection failed

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP142\A0068737.dll


Deleted

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP77\A0037645.exe


Infected with: Trojan.Packed.33571

C:\System Volume Information\_restore{165B609F-4A18-44E8-B52B-DF8B19D66863}\RP77\A0037645.exe


Deleted

C:\_OTMoveIt\MovedFiles\02222009_165732\WINDOWS\system32\opnkllLE.dll.vir


Infected with: Gen:Trojan.Heur.564E44

C:\_OTMoveIt\MovedFiles\02222009_165732\WINDOWS\system32\opnkllLE.dll.vir


Disinfection failed

C:\_OTMoveIt\MovedFiles\02222009_165732\WINDOWS\system32\opnkllLE.dll.vir


Deleted





Thanks!

#9 fenzodahl512


Posted 25 February 2009 - 06:16 AM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for a tutorial on how to use, disable and enable System Restore

Then please create a fresh Restore Point... Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.





Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
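
A triage sketch for the scan-log layout pasted in this thread (an added example, not part of the original posts): it collapses the repeated path/status pairs into one final disposition per file and tags where each file lives, so it is clear whether the remaining hits are live files or only quarantine, System Restore and _OTMoveIt leftovers. The sample log, its paths and its detection names are constructed; `triage`, `classify` and `unresolved` are names chosen here.

```python
import re

# Constructed sample in the same layout as the scan log above:
# a path line, blank lines, then a status line. All values are made up.
Q_PATH = r"C:\AV\Quarantine\00000001.VBN=>(Quarantine-PE)"
RP_PATH = r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll"
OT_PATH = r"C:\_OTMoveIt\MovedFiles\01012009_000000\WINDOWS\system32\sample.dll.vir"
SAMPLE_LOG = "\n\n".join(f"{p}\n\n\n{s}" for p, s in [
    (Q_PATH, "Infected with: Example.Trojan.A"), (Q_PATH, "Disinfection failed"),
    (Q_PATH, "Deleted"),
    (RP_PATH, "Infected with: Example.Trojan.B"), (RP_PATH, "Disinfection failed"),
    (OT_PATH, "Infected with: Example.Trojan.B"), (OT_PATH, "Deleted"),
])

STATUS = re.compile(r"^(Infected with: .+|Disinfection failed|Deleted)$")

def classify(path):
    """Tag a path by where it sits, which decides the cleanup step."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "system-restore"      # cleared by resetting System Restore
    if "\\quarantine\\" in p:
        return "av-quarantine"       # already isolated by the antivirus
    if p.startswith("c:\\_otmoveit\\"):
        return "otmoveit-backup"     # removal-tool backup folder
    return "live-filesystem"         # needs attention first

def triage(log_text):
    """Return {path: {location, detections, final}} in log order."""
    files, current = {}, None
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if STATUS.match(line):
            if current is None:
                continue             # status with no preceding path
            rec = files[current]
            if line.startswith("Infected with: "):
                rec["detections"].append(line[len("Infected with: "):])
                rec["final"] = "Infected"
            else:
                rec["final"] = line
        else:
            current = line.split("=>", 1)[0]   # drop "=>(Quarantine-PE)"
            files.setdefault(current, {"location": classify(current),
                                       "detections": [], "final": None})
    return files

def unresolved(files):
    """Paths whose last recorded status is anything other than Deleted."""
    return [p for p, r in files.items() if r["final"] != "Deleted"]
```
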




