Infected with some kind of rogue program
11 replies to this topic

#1 Darkumas

Posted 08 April 2009 - 04:53 PM

I have been infected with some rogue programs. I tried to remove it with MBAM, but on restart I kept getting errors and the virus came back. Below are the RSIT logs. Please help.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Debbie at 2009-04-08 17:50:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 52 GB (72%) free of 73 GB
Total RAM: 958 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:22 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\SecureExpertCleaner\Reminder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Debbie\Desktop\RSIT.exe
C:\Program Files\trend micro\Debbie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070712
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070712
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {655dfc8e-15fc-46a6-bbe3-7df88e7f5d79} - C:\WINDOWS\system32\bovupona.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareRemover2009] C:\Program Files\SpywareRemover2009\SR.exe
O4 - HKLM\..\Run: [Jwojuket] rundll32.exe "C:\WINDOWS\orilatiwojili.dll",e
O4 - HKLM\..\Run: [SecureExpertCleaner] C:\Program Files\SecureExpertCleaner\sec.exe
O4 - HKLM\..\Run: [Reminder] C:\Program Files\SecureExpertCleaner\Reminder.exe
O4 - HKLM\..\Run: [f85b6f9f] rundll32.exe "C:\WINDOWS\system32\kipelebi.dll",b
O4 - HKLM\..\Run: [duzetizoka] Rundll32.exe "C:\WINDOWS\system32\wezatugi.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\tiyupotu.dll C:\WINDOWS\system32\gipirego.dll ,C:\WINDOWS\system32\basirani.dll,C:\WINDOWS\system32\wezatugi.dll,C:\WINDOWS\system32\junugudu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 12374 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-09 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{655dfc8e-15fc-46a6-bbe3-7df88e7f5d79}]
C:\WINDOWS\system32\bovupona.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-09 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-12 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-03-12 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-12 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-12-08 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C17590D2-ECB4-4b15-8820-F58798DCC118} - Webshots Toolbar - C:\Program Files\Webshots\WSToolbar4IE.dll [2007-10-29 176128]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-09 1968920]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-12 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-23 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-07-12 26112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-12 169984]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"eFax 4.3"=C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [2007-03-06 116224]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-09 1601304]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SpywareRemover2009"=C:\Program Files\SpywareRemover2009\SR.exe [2009-03-30 1703936]
"Jwojuket"=C:\WINDOWS\orilatiwojili.dll [2007-03-08 155136]
"SecureExpertCleaner"=C:\Program Files\SecureExpertCleaner\sec.exe [2009-03-26 1617920]
"Reminder"=C:\Program Files\SecureExpertCleaner\Reminder.exe [2009-03-26 481280]
"f85b6f9f"=C:\WINDOWS\system32\kipelebi.dll,b []
"duzetizoka"=C:\WINDOWS\system32\wezatugi.dll,s []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-06 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe

C:\Documents and Settings\Debbie\Start Menu\Programs\Startup
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\tiyupotu.dll C:\WINDOWS\system32\gipirego.dll ,C:\WINDOWS\system32\basirani.dll,C:\WINDOWS\system32\wezatugi.dll,C:\WINDOWS\system32\junugudu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-09 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\gipirego.dll
plndmsi.dll
C:\WINDOWS\system32\basirani.dll
C:\WINDOWS\system32\wezatugi.dll
C:\WINDOWS\system32\junugudu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Tencent\QQ Games\QQGames.exe"="C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games"
"C:\Program Files\Tencent\QQ Games\QQGamesD.exe"="C:\Program Files\Tencent\QQ Games\QQGamesD.exe:*:Enabled:QQ Games Downloader"
"C:\Program Files\Tencent\QQ Games\Update\Update.exe"="C:\Program Files\Tencent\QQ Games\Update\Update.exe:*:Enabled:QQ Games Updater"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe"="C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe:*:Enabled:WUSB54GC"
"C:\Program Files\AIM6\aolsoftware.exe"="C:\Program Files\AIM6\aolsoftware.exe:*:Enabled:aolsoftware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd30d1c-4926-11dd-92db-00038a000015}]
shell\AutoRun\command - E:\setupSNK.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\pihuyeha.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\lavejipu.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\keyelibi.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\hulawira.dll.tmp
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\gipirego.dll.tmp
65535-65535-31889 1707:31889:1771 ----A---- C:\WINDOWS\system32\rozumede.dll.tmp
65535-65535-31889 1707:31889:1771 ----A---- C:\WINDOWS\system32\gagekije.dll.tmp
2009-04-08 17:50:09 ----D---- C:\Program Files\trend micro
2009-04-08 17:50:07 ----D---- C:\rsit
2009-04-08 17:33:40 ----D---- C:\Documents and Settings\All Users\Application Data\SEC
2009-04-08 10:57:00 ----SH---- C:\WINDOWS\system32\upefohes.ini
2009-04-08 10:11:54 ----SH---- C:\WINDOWS\system32\ezigafar.ini
2009-04-08 09:49:19 ----SH---- C:\WINDOWS\system32\oharopak.ini
2009-04-08 01:49:12 ----SH---- C:\WINDOWS\system32\asazogat.ini
2009-04-07 23:56:28 ----SH---- C:\WINDOWS\system32\ajogapam.ini
2009-04-07 23:33:55 ----SH---- C:\WINDOWS\system32\atitiged.ini
2009-04-07 22:31:29 ----SH---- C:\WINDOWS\system32\olowesav.ini
2009-04-07 16:36:35 ----A---- C:\kgqxi.exe
2009-04-07 16:36:28 ----A---- C:\qunxkv.exe
2009-04-07 16:36:23 ----A---- C:\jurj.exe
2009-04-07 16:36:17 ----A---- C:\WINDOWS\instsp2.exe
2009-04-07 04:31:02 ----SH---- C:\WINDOWS\system32\opujohat.ini
2009-04-07 04:08:30 ----SH---- C:\WINDOWS\system32\umudewem.ini
2009-04-07 03:45:56 ----SH---- C:\WINDOWS\system32\ukunajun.ini
2009-04-07 03:23:24 ----SH---- C:\WINDOWS\system32\imorugop.ini
2009-04-06 13:25:34 ----SH---- C:\WINDOWS\system32\ahekofet.ini
2009-04-06 07:14:29 ----D---- C:\Program Files\SecureExpertCleaner
2009-04-06 01:13:55 ----A---- C:\Documents and Settings\All Users\Application Data\SpywareRemover2009update_free.exe
2009-04-06 01:08:46 ----D---- C:\Program Files\SpywareRemover2009
2009-04-06 01:08:46 ----D---- C:\Documents and Settings\All Users\Application Data\SpywareRemover2009
2009-04-03 13:26:35 ----SH---- C:\WINDOWS\system32\ibelepik.ini
2009-04-02 22:56:01 ----SH---- C:\WINDOWS\system32\omevavoj.ini
2009-04-02 10:55:51 ----SH---- C:\WINDOWS\system32\omalifej.ini
2009-03-31 10:39:41 ----SH---- C:\WINDOWS\system32\ejiheyul.ini
2009-03-30 14:07:16 ----D---- C:\Documents and Settings\Debbie\Application Data\VirusRemover2009
2009-03-30 14:02:54 ----SH---- C:\WINDOWS\system32\baborefe.dll
2009-03-30 14:02:53 ----SH---- C:\WINDOWS\system32\modigege.dll
2009-03-21 00:13:00 ----D---- C:\Program Files\iPod
2009-03-21 00:12:57 ----D---- C:\Program Files\iTunes
2009-03-21 00:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 23:59:33 ----D---- C:\Program Files\Safari
2009-03-20 23:56:27 ----D---- C:\Program Files\Bonjour
2009-03-11 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-02-26 04:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-20 02:04:27 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-02-20 02:03:17 ----D---- C:\Program Files\QuickTime
2009-02-20 02:03:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-02-20 02:02:56 ----D---- C:\Program Files\Apple Software Update
2009-02-20 02:02:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-20 02:02:38 ----D---- C:\Program Files\Common Files\Apple
2009-02-20 02:02:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-02-13 12:22:42 ----D---- C:\Documents and Settings\Debbie\Application Data\Template
2009-02-12 04:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-09 23:36:43 ----D---- C:\Program Files\Tencent
2009-02-09 23:36:43 ----D---- C:\Documents and Settings\All Users\Application Data\Tencent
2009-02-09 23:35:31 ----D---- C:\Program Files\AIMTunes
2009-02-09 23:35:17 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-02-09 23:35:17 ----A---- C:\WINDOWS\atid.ini
2009-02-09 23:34:58 ----D---- C:\Program Files\Common Files\Software Update Utility
2009-02-09 23:34:55 ----D---- C:\Program Files\AIM Toolbar
2009-02-09 23:34:55 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2009-02-09 23:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-02-09 23:34:45 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-02-09 23:34:22 ----D---- C:\Program Files\AIM6
2009-01-15 04:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

======List of files/folders modified in the last 3 months======

2009-04-08 17:50:09 ----RD---- C:\Program Files
2009-04-08 17:34:07 ----D---- C:\WINDOWS\Prefetch
2009-04-08 17:33:30 ----D---- C:\WINDOWS\Temp
2009-04-08 17:32:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-04-08 17:32:10 ----D---- C:\WINDOWS\system32
2009-04-08 11:33:25 ----ASH---- C:\WINDOWS\system32\reluzade.dll
2009-04-08 11:32:56 ----ASH---- C:\WINDOWS\system32\kokibadi.dll
2009-04-08 11:32:55 ----ASH---- C:\WINDOWS\system32\hidamodu.dll
2009-04-08 10:57:27 ----ASH---- C:\WINDOWS\system32\tuvohihi.dll
2009-04-08 10:56:57 ----ASH---- C:\WINDOWS\system32\sehofepu.dll
2009-04-08 10:56:57 ----ASH---- C:\WINDOWS\system32\fohebaro.dll
2009-04-08 10:34:25 ----ASH---- C:\WINDOWS\system32\vohoreba.dll
2009-04-08 10:11:51 ----N---- C:\WINDOWS\system32\rafagize.dll
2009-04-08 10:11:51 ----ASH---- C:\WINDOWS\system32\suyuzaho.dll
2009-04-08 09:49:16 ----N---- C:\WINDOWS\system32\kaporaho.dll
2009-04-08 09:49:16 ----ASH---- C:\WINDOWS\system32\zeniwuki.dll
2009-04-08 02:34:13 ----ASH---- C:\WINDOWS\system32\vupejevo.dll
2009-04-08 02:11:41 ----ASH---- C:\WINDOWS\system32\hopohimu.dll
2009-04-08 01:49:09 ----ASH---- C:\WINDOWS\system32\siwijena.dll
2009-04-08 01:49:08 ----N---- C:\WINDOWS\system32\tagozasa.dll
2009-04-08 01:26:36 ----ASH---- C:\WINDOWS\system32\denakaku.dll
2009-04-08 01:04:04 ----ASH---- C:\WINDOWS\system32\jukejibe.dll
2009-04-08 00:41:32 ----ASH---- C:\WINDOWS\system32\nobawabu.dll
2009-04-08 00:18:57 ----ASH---- C:\WINDOWS\system32\radoyavi.dll
2009-04-07 23:56:25 ----ASH---- C:\WINDOWS\system32\tajilefa.dll
2009-04-07 23:56:24 ----N---- C:\WINDOWS\system32\mapagoja.dll
2009-04-07 23:33:52 ----N---- C:\WINDOWS\system32\degitita.dll
2009-04-07 23:33:51 ----ASH---- C:\WINDOWS\system32\dabukido.dll
2009-04-07 23:03:49 ----ASH---- C:\WINDOWS\system32\lutehibe.dll
2009-04-07 22:31:15 ----N---- C:\WINDOWS\system32\vasewolo.dll
2009-04-07 22:31:14 ----ASH---- C:\WINDOWS\system32\heyitolo.dll
2009-04-07 16:52:17 ----HD---- C:\$AVG8.VAULT$
2009-04-07 16:36:19 ----A---- C:\WINDOWS\wininit.ini
2009-04-07 16:36:17 ----D---- C:\WINDOWS
2009-04-07 16:36:09 ----ASH---- C:\WINDOWS\system32\rodowine.exe
2009-04-07 16:36:08 ----ASH---- C:\WINDOWS\system32\nitizebi.dll
2009-04-07 04:30:59 ----N---- C:\WINDOWS\system32\tahojupo.dll
2009-04-07 04:30:59 ----ASH---- C:\WINDOWS\system32\nuwutote.dll
2009-04-07 04:08:27 ----N---- C:\WINDOWS\system32\mewedumu.dll
2009-04-07 04:08:27 ----ASH---- C:\WINDOWS\system32\fahuyaku.dll
2009-04-07 03:45:55 ----ASH---- C:\WINDOWS\system32\genovoge.dll
2009-04-07 03:45:52 ----N---- C:\WINDOWS\system32\nujanuku.dll
2009-04-07 03:23:20 ----N---- C:\WINDOWS\system32\poguromi.dll
2009-04-07 03:23:20 ----ASH---- C:\WINDOWS\system32\femuhosi.dll
2009-04-07 03:00:48 ----ASH---- C:\WINDOWS\system32\wimorume.dll
2009-04-07 02:38:17 ----ASH---- C:\WINDOWS\system32\fiteliwo.dll
2009-04-06 14:33:08 ----ASH---- C:\WINDOWS\system32\tujomeso.dll
2009-04-06 14:10:32 ----ASH---- C:\WINDOWS\system32\hivubifo.dll
2009-04-06 13:48:00 ----ASH---- C:\WINDOWS\system32\siwonufo.dll
2009-04-06 13:25:26 ----ASH---- C:\WINDOWS\system32\hefodube.dll
2009-04-06 00:51:53 ----D---- C:\Program Files\Mozilla Firefox
2009-04-04 15:48:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-02 10:55:59 ----ASH---- C:\WINDOWS\system32\tupawugu.dll
2009-03-31 10:52:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-31 10:19:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-30 13:59:42 ----D---- C:\WINDOWS\security
2009-03-26 17:23:12 ----SHD---- C:\WINDOWS\Installer
2009-03-21 03:02:23 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-21 03:00:35 ----HD---- C:\WINDOWS\inf
2009-03-21 00:13:15 ----D---- C:\WINDOWS\system32\drivers
2009-03-12 03:36:00 ----D---- C:\Documents and Settings\Debbie\Application Data\AdobeUM
2009-03-12 03:35:55 ----D---- C:\Program Files\Google
2009-03-12 02:31:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-11 22:18:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-11 03:01:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-11 03:01:39 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 03:01:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-10 22:09:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-20 02:03:01 ----SD---- C:\WINDOWS\Tasks
2009-02-20 02:02:38 ----D---- C:\Program Files\Common Files
2009-02-20 01:28:33 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2009-02-20 01:27:37 ----D---- C:\WINDOWS\Help
2009-02-13 01:23:35 ----D---- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-02-12 04:00:47 ----D---- C:\Program Files\Internet Explorer
2009-02-09 23:34:52 ----D---- C:\Program Files\Viewpoint
2009-02-09 23:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-09 23:34:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-09 23:34:45 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-02-09 23:34:31 ----D---- C:\Program Files\Common Files\AOL
2009-02-09 15:59:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-17 02:07:16 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-16 22:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-09 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-09 27656]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-03 20747]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-07-12 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-15 18944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-26 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-09 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 137200]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.06 2009-04-08 17:50:54

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arthur's Computer Adventure-->C:\Program Files\The Learning Company\Arthur's Computer Adventure\uninstall.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Support Center-->MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
eFax Messenger 4.3-->C:\Program Files\eFax Messenger 4.3\Uninstall.exe
FormViewer-->C:\Program Files\InstallShield Installation Information\{58E6A969-8215-4ABC-BD73-FCB25EA6F544}\setup.exe -runfromtemp -l0x0409
Full Tilt Poker.Net-->"C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.4-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Advantage Pre-Algebra-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD7B678C-489A-479E-A895-6F320DFF8D00}\setup.exe" -uninst
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
QQ Games-->C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QQ Pool-->C:\Program Files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
QualxServ Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
SecureExpertCleaner 1.0.19.8-->"C:\Program Files\SecureExpertCleaner\unins000.exe" /silent /norestart
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpywareRemover2009 1.0.198.1-->"C:\Program Files\SpywareRemover2009\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Webshots Desktop-->"C:\Program Files\Webshots\unins000.exe"
Webshots Toolbar-->C:\Program Files\Webshots\ToolbarUninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 localhost
82.98.231.89 browser-security.microsoft.com
82.98.231.89 best-click-scanner.info
82.98.231.89 antivirus-xp-pro-2009.com
82.98.231.89 microsoft.infosecuritycenter.com
82.98.231.89 microsoft.softwaresecurityhelp.com
82.98.231.89 onlinenotifyq.net
82.98.231.89 antivirusxp-pro-2009.com
82.98.231.89 microsoft.browser-security-center.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: FAMILY
Event Code: 1009
Message: A network error occurred when trying to send a message. The error code is: A blocking operation was interrupted by a call to WSACancelBlockingCall.
.

Record Number: 86261
Source Name: Dhcp
Time Written: 20090331102531.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 1002
Message: The IP address lease 192.168.1.47 for the Network Card with network address 001C10698679 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 86259
Source Name: Dhcp
Time Written: 20090331102525.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 001C10698679. The following error
occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 86148
Source Name: Dhcp
Time Written: 20090331013732.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001C10698679. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 86127
Source Name: Dhcp
Time Written: 20090330183039.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 1073
Message: The attempt to reboot FAMILY failed

Record Number: 86122
Source Name: USER32
Time Written: 20090330170615.000000-240
Event Type: warning
User: FAMILY\Damon & Darius

=====Application event log=====

Computer Name: FAMILY
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 49072
Source Name: Microsoft Fax
Time Written: 20080721095820.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 1517
Message: Windows saved user FAMILY\Debbie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49058
Source Name: Userenv
Time Written: 20080721030814.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 49057
Source Name: Userenv
Time Written: 20080721030814.000000-240
Event Type: warning
User: FAMILY\Debbie

Computer Name: FAMILY
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 49000
Source Name: Microsoft Fax
Time Written: 20080717020240.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 48999
Source Name: Microsoft Fax
Time Written: 20080717020240.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
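The hosts file in the log above is a textbook hijack: eight names, several of them "microsoft" lookalikes, all mapped to one non-loopback address. As an added example that is not part of this thread, the following Python script parses a hosts file and flags that pattern; the sample input is constructed from the log's entries, and the BRAND_DOMAINS list is an assumed, minimal one.

```python
"""Flag suspicious Windows hosts-file entries (added example, not from the thread).

A clean hosts file maps almost everything to loopback (127.0.0.1 / ::1).  Rogue
security software commonly rewrites it so that lookalike "microsoft.*" names
and its own landing pages all resolve to one attacker-controlled address.
"""
import ipaddress
from collections import defaultdict

# Sample input constructed from the hosts section of the RSIT log above, plus a
# comment line and a benign loopback alias so comment/loopback handling is exercised.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 myapp.local
82.98.231.89 browser-security.microsoft.com
82.98.231.89 best-click-scanner.info
82.98.231.89 antivirus-xp-pro-2009.com
82.98.231.89 microsoft.infosecuritycenter.com
82.98.231.89 microsoft.softwaresecurityhelp.com
82.98.231.89 onlinenotifyq.net
82.98.231.89 antivirusxp-pro-2009.com
82.98.231.89 microsoft.browser-security-center.com
"""

# Brand keywords borrowed by lookalike hostnames, mapped to the registrable
# domains that legitimately carry them.  Assumed, minimal list for this example.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs, ignoring blank and comment lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                            # malformed line, not an entry
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def registrable_domain(hostname):
    """Crude 'last two labels' approximation of the registrable domain."""
    labels = hostname.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname


def find_suspicious(entries, fanout_threshold=3):
    """Classify hosts entries into four findings:
    non_loopback    - any name pointed somewhere other than loopback
    high_fanout     - one non-loopback IP carrying >= fanout_threshold names
    brand_lookalike - name contains a brand keyword but is not the brand's domain
    brand_override  - the brand's real domain is overridden at all (sinkholing)
    """
    by_ip = defaultdict(list)
    for ip, name in entries:
        by_ip[ip].append(name)

    findings = {"non_loopback": [], "high_fanout": {},
                "brand_lookalike": [], "brand_override": []}
    for ip, names in by_ip.items():
        if not ipaddress.ip_address(ip).is_loopback:
            findings["non_loopback"].extend((ip, n) for n in names)
            if len(names) >= fanout_threshold:
                findings["high_fanout"][ip] = sorted(names)
    for ip, name in entries:
        domain = registrable_domain(name)
        for brand, legit in BRAND_DOMAINS.items():
            if domain in legit:
                findings["brand_override"].append((ip, name))
            elif brand in name:
                findings["brand_lookalike"].append((ip, name))
    return findings


if __name__ == "__main__":
    report = find_suspicious(parse_hosts(SAMPLE_HOSTS))
    for kind, hits in report.items():
        print(f"{kind}: {hits}")
```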

#2 Farbar


    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:58 AM

Posted 08 April 2009 - 05:09 PM

Hi Darkumas,

The computer is heavily infected. Please make sure it is disconnected and not used.

It is too late here and I have to get some sleep. Tomorrow I'll post a fix.


Regards,

farbar

#3 Darkumas

  • Topic Starter

  • Members
  • 112 posts
  • Local time:01:58 AM

Posted 08 April 2009 - 05:12 PM

Will do

#4 Farbar


    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:58 AM

Posted 09 April 2009 - 01:44 AM

Hi again,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. We are not here to pass judgment on file-sharing as a concept. But file-sharing is used to infect users, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p (LimeWire, uTorrent, etc...) download folders. They might contain infected files. Please avoid using these p2p applications or uninstall them. Using these applications at this stage might lead to reinfection or infecting other users.

  • Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decide to uninstall it, click on Start > Run, paste the following into the "Open" field: appwiz.cpl, and press OK. From within Add or Remove Programs, uninstall the following if they exist:

    Viewpoint Media Player.

    If you decide to uninstall it, also remove the folder in bold: C:\Program Files\Viewpoint

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
  • Open Malwarebytes' Anti-Malware, update it first, run a "Quick Scan", let it reboot if needed, and copy/paste the log into your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please include in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#5 Darkumas

  • Topic Starter

  • Members
  • 112 posts
  • Local time:01:58 AM

Posted 09 April 2009 - 09:52 AM

Everything ran fine. When I went to run MBAM I noticed she was using version 1.23, which is probably why she didn't catch the problem when it was run. After I updated it, 111 infections were found and cleaned. I have a question though: should she keep 4 separate accounts on her PC or go down to 1? When I tried to find the LimeWire download folder I couldn't find it; I had to switch to another account on the PC to where it was. What are your thoughts? The logs are posted below.


MBAM LOG

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/9/2009 10:40:20 AM
mbam-log-2009-04-09 (10-40-20).txt

Scan type: Quick Scan
Objects scanned: 81614
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 17
Files Infected: 81

Memory Processes Infected:
C:\Program Files\SecureExpertCleaner\Reminder.exe (Rogue.SecureExpertCleaner) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SpywareRemover2009 (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cleaner2009 freeware (Rogue.Cleaner2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3p_usec_is1 (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareremover2009 (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reminder (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\secureexpertcleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jwojuket (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: plndmsi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andre'\Application Data\VirusRemover2009 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andre'\Application Data\VirusRemover2009\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debbie\Application Data\VirusRemover2009 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debbie\Application Data\VirusRemover2009\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009 (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\quarantine.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Download (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Quarantine (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\quaratine.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\plndmsi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\SpywareRemover2009\SR.exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jehukalu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\katigeki.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vegujove.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dohopihi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kezisate.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\musesiwo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pimanufi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\buretapo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sozofini.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\volenogu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ziruluzi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\heyisuya.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fikinula.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rivikego.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rogasovi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\girulevi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\kgqxi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\mfc80.dll (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.MFC.manifest (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\Reminder.exe (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\SEC.exe (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\SEC.ico (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\SEC.xml (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\unins.ico (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\unins000.dat (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\unins000.exe (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcp80.dll (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcr80.dll (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner\Launch SecureExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner\Uninstall SecureExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andre'\Application Data\VirusRemover2009\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debbie\Application Data\VirusRemover2009\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\restore.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\Abbr (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ActivationCode (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ProductCode (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Contact Customer Support.url (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009 Online Manual.url (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009.lnk (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Uninstall SpywareRemover2009.lnk (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\ATL80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\cn.exe (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\cn.xml (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\InstUp.exe (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\license.rtf (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\mfc80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Microsoft.VC80.ATL.manifest (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Microsoft.VC80.CRT.manifest (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Microsoft.VC80.MFC.manifest (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\msvcm80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\msvcp80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\msvcr80.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\pv.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\readme.rtf (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\settings.ini (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\SR.xml (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\unins000.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\unins000.exe (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\updateapp.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\updatedb.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\Updater.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\UserAgent.dll (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\vbpv.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\AutoProcess.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\common.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\enemies.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\Summary.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\vbpv.dat (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Program Files\SpywareRemover2009\database\quarantine.dat\#post_quarantine (Rogue.SpywareRemover2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andre'\Application Data\Microsoft\Internet Explorer\Quick Launch\SecureExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Secure ExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\orilatiwojili.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\instsp2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvohihi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basirani.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modigege.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andre'\Desktop\SpywareRemover2009.lnk (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andre'\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareRemover2009.lnk (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.


COMBO FIX LOG

ComboFix 09-04-04.01 - Debbie 2009-04-09 10:20:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.518 [GMT -4:00]
Running from: c:\documents and settings\Debbie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ahekofet.ini
c:\windows\system32\ajogapam.ini
c:\windows\system32\asazogat.ini
c:\windows\system32\atitiged.ini
c:\windows\system32\degitita.dll
c:\windows\system32\ejiheyul.ini
c:\windows\system32\ezigafar.ini
c:\windows\system32\fohebaro.dll
c:\windows\system32\gagekije.dll.tmp
c:\windows\system32\garayudi.dll
c:\windows\system32\gipirego.dll.tmp
c:\windows\system32\hajifagu.dll
c:\windows\system32\hidamodu.dll
c:\windows\system32\hulawira.dll.tmp
c:\windows\system32\ibelepik.ini
c:\windows\system32\imorugop.ini
c:\windows\system32\junugudu.dll
c:\windows\system32\kaporaho.dll
c:\windows\system32\keyelibi.dll.tmp
c:\windows\system32\kokibadi.dll
c:\windows\system32\lavejipu.dll.tmp
c:\windows\system32\mapagoja.dll
c:\windows\system32\mewedumu.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\nujanuku.dll
c:\windows\system32\oharopak.ini
c:\windows\system32\olowesav.ini
c:\windows\system32\omalifej.ini
c:\windows\system32\omevavoj.ini
c:\windows\system32\opujohat.ini
c:\windows\system32\pihuyeha.dll
c:\windows\system32\poguromi.dll
c:\windows\system32\rafagize.dll
c:\windows\system32\robejaku.dll
c:\windows\system32\rozumede.dll.tmp
c:\windows\system32\sehofepu.dll
c:\windows\system32\suyuzaho.dll
c:\windows\system32\tagozasa.dll
c:\windows\system32\tahojupo.dll
c:\windows\system32\ukajebor.ini
c:\windows\system32\ukunajun.ini
c:\windows\system32\umudewem.ini
c:\windows\system32\upefohes.ini
c:\windows\system32\vasewolo.dll
c:\windows\system32\vohoreba.dll
c:\windows\system32\zeniwuki.dll

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-09 09:37 . 2009-04-09 09:37 <DIR> d-------- c:\documents and settings\Debbie\Application Data\Logs
2009-04-09 09:33 . 2009-04-09 09:33 408 --a------ c:\windows\Ivonabexobed.dat
2009-04-09 09:33 . 2009-04-09 09:33 0 --a------ c:\windows\Xnujiteduzub.bin
2009-04-09 09:31 . 2009-04-09 09:31 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-04-08 17:50 . 2009-04-08 17:50 <DIR> d-------- C:\rsit
2009-04-08 17:50 . 2009-04-08 17:50 <DIR> d-------- c:\program files\trend micro
2009-04-08 17:33 . 2009-04-08 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SEC
2009-04-07 16:36 . 2009-04-07 16:36 32,768 --a------ C:\qunxkv.exe
2009-04-07 16:36 . 2009-04-07 16:36 20,480 --a------ C:\jurj.exe
2009-04-07 16:36 . 2009-04-07 16:36 9,216 --a------ c:\windows\instsp2.exe
2009-04-07 16:36 . 2009-04-07 16:36 7,680 --a------ C:\kgqxi.exe
2009-04-06 07:14 . 2009-04-06 16:51 <DIR> d-------- c:\program files\SecureExpertCleaner
2009-04-06 01:13 . 2009-04-06 01:13 <DIR> d-------- c:\documents and settings\Andre'\Application Data\Logs
2009-04-06 01:08 . 2009-04-06 01:12 <DIR> d-------- c:\program files\SpywareRemover2009
2009-04-06 01:08 . 2009-04-06 01:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpywareRemover2009
2009-03-31 09:51 . 2009-03-31 09:51 <DIR> d-------- c:\documents and settings\Damon & Darius\Application Data\Malwarebytes
2009-03-30 14:07 . 2009-03-30 14:07 <DIR> d-------- c:\documents and settings\Debbie\Application Data\VirusRemover2009
2009-03-30 14:02 . 2009-03-30 14:02 2,713 ---hs---- c:\windows\system32\modigege.dll
2009-03-30 14:02 . 2009-03-30 14:02 2,713 ---hs---- c:\windows\system32\baborefe.dll
2009-03-29 04:44 . 2009-03-29 04:44 <DIR> d-------- c:\documents and settings\Andre'\Application Data\VirusRemover2009
2009-03-26 17:23 . 2009-03-26 17:23 <DIR> d-------- c:\documents and settings\Damon & Darius\Application Data\Apple Computer
2009-03-21 00:13 . 2009-03-21 00:13 <DIR> d-------- c:\program files\iPod
2009-03-21 00:12 . 2009-03-21 00:13 <DIR> d-------- c:\program files\iTunes
2009-03-21 00:12 . 2009-03-21 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 23:59 . 2009-03-20 23:59 <DIR> d-------- c:\program files\Safari
2009-03-20 23:56 . 2009-03-20 23:56 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 13:59 --------- d-----w c:\program files\LimeWire
2009-04-09 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-08 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-04 20:06 --------- d-----w c:\program files\AIMTunes
2009-04-04 19:23 --------- d-----w c:\documents and settings\Andre'\Application Data\LimeWire
2009-03-31 14:19 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-21 04:12 --------- d-----w c:\program files\Common Files\Apple
2009-03-18 16:24 3,110 ----a-w c:\documents and settings\Andre'\Application Data\wklnhst.dat
2009-03-16 00:40 --------- d-----w c:\documents and settings\Damon & Darius\Application Data\Yahoo!
2009-03-12 07:36 --------- d-----w c:\documents and settings\Debbie\Application Data\AdobeUM
2009-03-12 07:35 --------- d-----w c:\program files\Google
2009-03-11 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-20 06:27 --------- d-----w c:\documents and settings\Andre'\Application Data\Apple Computer
2009-02-20 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-20 06:03 --------- d-----w c:\program files\QuickTime
2009-02-20 06:02 --------- d-----w c:\program files\Apple Software Update
2009-02-20 06:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-20 05:28 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-02-13 16:22 136 ----a-w c:\documents and settings\Debbie\Application Data\wklnhst.dat
2009-02-13 16:22 --------- d-----w c:\documents and settings\Debbie\Application Data\Template
2009-02-13 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-02-11 23:49 --------- d-----w c:\documents and settings\Andre'\Application Data\Viewpoint
2009-02-10 03:37 --------- d-----w c:\documents and settings\Andre'\Application Data\QQ Games Plugin
2009-02-10 03:37 --------- d-----w c:\documents and settings\Andre'\Application Data\acccore
2009-02-10 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-10 03:36 --------- d-----w c:\program files\Tencent
2009-02-10 03:36 --------- d-----w c:\program files\AIM6
2009-02-10 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\Tencent
2009-02-10 03:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-02-10 03:34 --------- d-----w c:\program files\Common Files\Software Update Utility
2009-02-10 03:34 --------- d-----w c:\program files\Common Files\AOL
2009-02-10 03:34 --------- d-----w c:\program files\AIM Toolbar
2009-02-10 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-10 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-02-10 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-02-09 19:59 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-14 14:46 1,234,120 ----a-w c:\program files\wrar380.exe
2008-07-17 06:06 61,224 ----a-w c:\documents and settings\Debbie\GoToAssistDownloadHelper.exe
2008-07-03 06:42 487,424 ----a-w c:\documents and settings\Andre'\GoToAssist_phone__268_en.exe
2008-04-08 00:05 0 ----a-w c:\program files\temp01
2008-01-17 20:31 439,296 ----a-w c:\documents and settings\Debbie\GoToAssist_phone__317_en.exe
2007-11-21 01:40 439,296 ----a-w c:\documents and settings\Andre'\GoToAssist_phone__317_en.exe
2009-01-02 14:56 49,152 --sha-w c:\windows\system32\basirani.dll.vir
2009-01-08 14:11 61,440 --sha-w c:\windows\system32\buretapo.exe
2009-01-08 15:44 49,152 --sha-w c:\windows\system32\diyisafi.dll
2009-01-08 05:04 61,440 --sha-w c:\windows\system32\dohopihi.exe
2009-01-08 02:31 61,440 --sha-w c:\windows\system32\fikinula.exe
2009-01-08 04:18 61,440 --sha-w c:\windows\system32\girulevi.exe
2009-01-08 15:08 49,152 --sha-w c:\windows\system32\hehileha.dll
2009-01-08 05:49 61,440 --sha-w c:\windows\system32\heyisuya.exe
2009-01-08 14:34 61,440 --sha-w c:\windows\system32\jehukalu.exe
2009-01-08 14:56 61,440 --sha-w c:\windows\system32\katigeki.exe
2009-01-08 13:49 61,440 --sha-w c:\windows\system32\kezisate.exe
2009-01-08 23:31 61,440 --sha-w c:\windows\system32\musesiwo.exe
2009-01-08 15:08 49,152 --sha-w c:\windows\system32\muvutani.dll
2009-01-08 05:26 61,440 --sha-w c:\windows\system32\pimanufi.exe
2009-01-08 03:03 61,440 --sha-w c:\windows\system32\rivikego.exe
2009-01-08 03:56 61,440 --sha-w c:\windows\system32\rogasovi.exe
2009-01-08 06:34 61,440 --sha-w c:\windows\system32\sozofini.exe
2009-01-08 15:44 49,152 --sha-w c:\windows\system32\vabozevo.dll
2009-01-08 04:41 61,440 --sha-w c:\windows\system32\vegujove.exe
2009-01-08 15:32 61,440 --sha-w c:\windows\system32\volenogu.exe
2009-01-08 03:33 61,440 --sha-w c:\windows\system32\ziruluzi.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-07-12 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-12 169984]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-09 1601304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SpywareRemover2009"="c:\program files\SpywareRemover2009\SR.exe" [2009-03-30 1703936]
"Jwojuket"="c:\windows\orilatiwojili.dll" [2007-03-08 155136]
"SecureExpertCleaner"="c:\program files\SecureExpertCleaner\sec.exe" [2009-03-26 1617920]
"Reminder"="c:\program files\SecureExpertCleaner\Reminder.exe" [2009-03-26 481280]
"nwiz"="nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 c:\windows\stsystra.exe]

c:\documents and settings\Andre'\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-06-04 21504]

c:\documents and settings\Debbie\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-01-17 157008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-02-12 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-09 15:59 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli plndmsi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\WUSB54GC.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-20 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-20 298264]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*Deregistered* - wuauserv
*Deregistered* - WUSB54GCSVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd30d1c-4926-11dd-92db-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{655dfc8e-15fc-46a6-bbe3-7df88e7f5d79} - c:\windows\system32\bovupona.dll
HKLM-Run-duzetizoka - c:\windows\system32\wezatugi.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070712
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\07eetao2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 10:23:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(824)
c:\windows\plndmsi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\progra~1\Webshots\Webshots.scr
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-09 10:26:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 14:26:30

Pre-Run: 59,669,426,176 bytes free
Post-Run: 59,617,779,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

316 --- E O F --- 2009-03-21 07:00:35



HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:43 AM, on 4/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Debbie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070712
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 10638 bytes

#6 Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 April 2009 - 11:40 AM

Let's first concentrate on the cleaning. Please remind me of any question you have before we close the topic.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    Collect::[4]
    C:\qunxkv.exe
    C:\jurj.exe
    c:\windows\instsp2.exe
    C:\kgqxi.exe
    c:\windows\system32\modigege.dll
    c:\windows\system32\baborefe.dll
    c:\windows\system32\basirani.dll.vir
    c:\windows\system32\buretapo.exe
    c:\windows\system32\diyisafi.dll
    c:\windows\system32\dohopihi.exe
    c:\windows\system32\fikinula.exe
    c:\windows\system32\girulevi.exe
    c:\windows\system32\hehileha.dll
    c:\windows\system32\heyisuya.exe
    c:\windows\system32\jehukalu.exe
    c:\windows\system32\katigeki.exe
    c:\windows\system32\kezisate.exe
    c:\windows\system32\musesiwo.exe
    c:\windows\system32\muvutani.dll
    c:\windows\system32\pimanufi.exe
    c:\windows\system32\rivikego.exe
    c:\windows\system32\rogasovi.exe
    c:\windows\system32\sozofini.exe
    c:\windows\system32\vabozevo.dll
    c:\windows\system32\vegujove.exe
    c:\windows\system32\volenogu.exe
    c:\windows\system32\ziruluzi.exe
    c:\windows\orilatiwojili.dll
    c:\windows\plndmsi.dll
    File::
    c:\windows\Ivonabexobed.dat
    c:\windows\Xnujiteduzub.bin
    c:\program files\wrar380.exe
    Folder::
    c:\program files\SpywareRemover2009
    c:\documents and settings\Debbie\Application Data\VirusRemover2009
    c:\documents and settings\Andre'\Application Data\VirusRemover2009
    c:\documents and settings\All Users\Application Data\SpywareRemover2009
    DirLook::
    c:\documents and settings\Debbie\Application Data\Logs
    c:\program files\temp01
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=0
    "UpdatesDisableNotify"=0
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jwojuket"=-

    Save this as CFScript.txt

    Close any open browsers.

    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
  • Go to start => Run => Copy/paste the following line in the run box and click OK.

    cmd /c Vfind -ltf "%systemdrive%\wdmaud.sys" >Log.txt&Log.txt&del Log.txt


    A command window opens; wait until a log file opens. Please post the content of it in your reply.


#7 Darkumas
  • Topic Starter

  • Members
  • 112 posts

Posted 09 April 2009 - 11:55 AM

COMBO FIX LOG

ComboFix 09-04-04.01 - Debbie 2009-04-09 12:47:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.557 [GMT -4:00]
Running from: c:\documents and settings\Debbie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Debbie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\wrar380.exe
c:\windows\Ivonabexobed.dat
c:\windows\Xnujiteduzub.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\jurj.exe
c:\program files\wrar380.exe
C:\qunxkv.exe
c:\windows\Ivonabexobed.dat
c:\windows\system32\baborefe.dll
c:\windows\system32\diyisafi.dll
c:\windows\system32\hehileha.dll
c:\windows\system32\muvutani.dll
c:\windows\system32\vabozevo.dll
c:\windows\Xnujiteduzub.bin

.
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-09 09:37 . 2009-04-09 09:37 <DIR> d-------- c:\documents and settings\Debbie\Application Data\Logs
2009-04-09 09:31 . 2009-04-09 09:31 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-04-08 17:50 . 2009-04-08 17:50 <DIR> d-------- C:\rsit
2009-04-08 17:50 . 2009-04-08 17:50 <DIR> d-------- c:\program files\trend micro
2009-04-06 01:13 . 2009-04-06 01:13 <DIR> d-------- c:\documents and settings\Andre'\Application Data\Logs
2009-03-31 09:51 . 2009-03-31 09:51 <DIR> d-------- c:\documents and settings\Damon & Darius\Application Data\Malwarebytes
2009-03-26 17:23 . 2009-03-26 17:23 <DIR> d-------- c:\documents and settings\Damon & Darius\Application Data\Apple Computer
2009-03-21 00:13 . 2009-03-21 00:13 <DIR> d-------- c:\program files\iPod
2009-03-21 00:12 . 2009-03-21 00:13 <DIR> d-------- c:\program files\iTunes
2009-03-21 00:12 . 2009-03-21 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 23:59 . 2009-03-20 23:59 <DIR> d-------- c:\program files\Safari
2009-03-20 23:56 . 2009-03-20 23:56 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 14:34 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 13:59 --------- d-----w c:\program files\LimeWire
2009-04-09 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-08 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-06 19:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 20:06 --------- d-----w c:\program files\AIMTunes
2009-04-04 19:23 --------- d-----w c:\documents and settings\Andre'\Application Data\LimeWire
2009-03-21 04:12 --------- d-----w c:\program files\Common Files\Apple
2009-03-18 16:24 3,110 ----a-w c:\documents and settings\Andre'\Application Data\wklnhst.dat
2009-03-16 00:40 --------- d-----w c:\documents and settings\Damon & Darius\Application Data\Yahoo!
2009-03-12 07:36 --------- d-----w c:\documents and settings\Debbie\Application Data\AdobeUM
2009-03-12 07:35 --------- d-----w c:\program files\Google
2009-03-11 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-20 06:27 --------- d-----w c:\documents and settings\Andre'\Application Data\Apple Computer
2009-02-20 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-20 06:03 --------- d-----w c:\program files\QuickTime
2009-02-20 06:02 --------- d-----w c:\program files\Apple Software Update
2009-02-20 06:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-20 05:28 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-02-13 16:22 136 ----a-w c:\documents and settings\Debbie\Application Data\wklnhst.dat
2009-02-13 16:22 --------- d-----w c:\documents and settings\Debbie\Application Data\Template
2009-02-13 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-02-11 23:49 --------- d-----w c:\documents and settings\Andre'\Application Data\Viewpoint
2009-02-10 03:37 --------- d-----w c:\documents and settings\Andre'\Application Data\QQ Games Plugin
2009-02-10 03:37 --------- d-----w c:\documents and settings\Andre'\Application Data\acccore
2009-02-10 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-10 03:36 --------- d-----w c:\program files\Tencent
2009-02-10 03:36 --------- d-----w c:\program files\AIM6
2009-02-10 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\Tencent
2009-02-10 03:35 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-02-10 03:34 --------- d-----w c:\program files\Common Files\Software Update Utility
2009-02-10 03:34 --------- d-----w c:\program files\Common Files\AOL
2009-02-10 03:34 --------- d-----w c:\program files\AIM Toolbar
2009-02-10 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-10 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-02-10 03:34 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-02-09 19:59 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-07-17 06:06 61,224 ----a-w c:\documents and settings\Debbie\GoToAssistDownloadHelper.exe
2008-07-03 06:42 487,424 ----a-w c:\documents and settings\Andre'\GoToAssist_phone__268_en.exe
2008-04-08 00:05 0 ----a-w c:\program files\temp01
2008-01-17 20:31 439,296 ----a-w c:\documents and settings\Debbie\GoToAssist_phone__317_en.exe
2007-11-21 01:40 439,296 ----a-w c:\documents and settings\Andre'\GoToAssist_phone__317_en.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Debbie\Application Data\Logs ----

2009-04-09 10:29 3739 --a------ c:\documents and settings\Debbie\Application Data\Logs\scns.log

---- Directory of c:\program files\temp01 ----

c:\program files\temp01\


((((((((((((((((((((((((((((( SnapShot@2009-04-09_10.26.00.37 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-07-12 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-12 169984]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-09 1601304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"nwiz"="nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 c:\windows\stsystra.exe]

c:\documents and settings\Andre'\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-06-04 21504]

c:\documents and settings\Debbie\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-01-17 157008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-02-12 629248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-09 15:59 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compact Wireless-G USB Adapter Wireless Network Monitor\\WUSB54GC.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-20 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-20 298264]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd30d1c-4926-11dd-92db-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070712
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\07eetao2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 12:49:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\progra~1\Webshots\Webshots.scr
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-09 12:51:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 16:51:29
ComboFix2.txt 2009-04-09 14:26:33

Pre-Run: 59,587,874,816 bytes free
Post-Run: 59,581,829,120 bytes free

222 --- E O F --- 2009-03-21 07:00:35


OTHER LOG REQUESTED


----a-w 82,944 2004-08-04 04:15:06 C:\i386\wdmaud.sys
----a-w 82,944 2006-06-14 09:17:04 C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys
-c----w 82,944 2004-08-04 04:15:06 C:\WINDOWS\$NtUninstallKB920872$\wdmaud.sys
------w 82,944 2006-06-14 09:00:45 C:\WINDOWS\Driver Cache\i386\wdmaud.sys
----a-w 83,072 2008-04-13 19:17:18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wdmaud.sys
----a-w 82,944 2006-06-14 09:00:45 C:\WINDOWS\system32\dllcache\wdmaud.sys
----a-w 82,944 2006-06-14 09:00:45 C:\WINDOWS\system32\drivers\wdmaud.sys

Entries: 7 (7)
Directories: 0 Files: 7
Bytes: 580,736 Blocks: 1,135
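
As an added example (not part of this thread, and not ComboFix's own code): a small Python triage script over the REGEDIT-style "Reg Loading Points" section of a ComboFix log like the one above, flagging the entries a helper reads first: firewall state, Security Center monitoring, globally open ports, and cached AutoRun commands for removable volumes. The sample text is constructed from the entries quoted in the log above; the finding names, severities and checks are this example's own.

```python
import re

# Constructed sample: the security-relevant entries quoted in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebd30d1c-4926-11dd-92db-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe
"""


def parse_sections(log: str) -> dict[str, list[str]]:
    """Group a REGEDIT4-style dump into {key header: [value lines under it]}."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(log: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings; severities are this example's own scale."""
    findings = []
    for key, values in parse_sections(log).items():
        k = key.lower()
        if k.endswith(r"firewallpolicy\standardprofile"):
            # Windows Firewall switched off for the profile in use.
            if any(re.match(r'"enablefirewall"\s*=\s*0\b', v, re.I) for v in values):
                findings.append(("high", "Windows Firewall disabled (EnableFirewall=0)"))
        elif "security center\\monitoring\\" in k:
            # Security Center told to stop reporting on this product.
            product = key.rsplit("\\", 1)[-1]
            if any(v.lower().startswith('"disablemonitoring"=dword:00000001') for v in values):
                findings.append(("medium", f"Security Center monitoring disabled for {product}"))
        elif k.endswith(r"globallyopenports\list"):
            # Inbound exceptions open to every host; only enabled ones are reported.
            for v in values:
                m = re.match(r'"(\d+:(?:tcp|udp))"\s*=\s*\S+?:\*:(enabled|disabled):', v, re.I)
                if m and m.group(2).lower() == "enabled":
                    findings.append(("high", f"Port {m.group(1)} open to all hosts"))
        elif "mountpoints2" in k:
            # AutoRun command cached for a removable volume, a common infection path then.
            for v in values:
                if v.lower().startswith(r"\shell\autorun\command - "):
                    cmd = v.split(" - ", 1)[1]
                    findings.append(("medium", f"AutoRun command cached for a removable volume: {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

The disabled 3389/TCP exception produces no finding; only exceptions marked Enabled are reported.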

#8 Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:58 AM

Posted 09 April 2009 - 12:49 PM

Coming back to your question about having more than one account, I would like to hear the reason why she keeps more than one account but I think living in one house makes it easier to keep it clean and safe than otherwise.


Everything looks good.
  • Go to Start => Run => Copy and paste the following text in the run box and click OK.

    cmd /c assoc .scr=scrfile

    A window flashes, it is normal

  • Go to start > run and copy and paste or type next command in the field then hit enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore.

    The first reboot might be a little slow, the next one will be faster.

Optional Recommendations.
  • Your log looks clean. But your computer is still very much susceptible in particular to hacking and intrusion from outside. If you are not behind a router I strongly advise you to install a firewall before surfing. The windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. When the malware gets to your computer Windows firewall is no more effective. You find more information on firewalls below.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available like:

    Sunbelt-Kerio
    (Note: You install the Sunbelt trial version but after the trial period it will revert back to free version.)

    Online Armor Free edition

  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has released Service Pack 3 which has more features and is more secure than Service Pack 2.

    When installing SP3 disable your antivirus real-time/auto-protection and enable it again after installing SP3.

    In order to update Windows go to Start -> All Programs -> Windows Update, wait for the page to load, then press the Custom button. Windows searches your computer and gives you possible updates.

    Note: Before installing SP3 disable your antivirus real-time protection.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once in 2-3 weeks and enable the restriction.

Please let me know if ComboFix uninstalled properly.

I hope she enjoys surfing!

#9 Darkumas

  • Topic Starter

  • Members
  • 112 posts
  • Local time:01:58 AM

Posted 09 April 2009 - 12:59 PM

She has an account for everyone in the house. All her sons have their own account. I told her she should just use one.

Combofix did uninstall properly

#10 Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:58 AM

Posted 09 April 2009 - 01:07 PM

It seems reasonable to have an account for everyone.

Do you have any other question before we close the thread?

#11 Darkumas

  • Topic Starter

  • Members
  • 112 posts
  • Local time:01:58 AM

Posted 09 April 2009 - 01:09 PM

No more questions. Thanks a lot Farbar, hopefully her other desktop doesn't get infected :thumbup2:

#12 Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:58 AM

Posted 09 April 2009 - 01:15 PM

You are welcome Darkumas.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.



