
Virtumonde virus


  • This topic is locked
13 replies to this topic

#1 Chessca

Chessca

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:34 PM

Posted 14 April 2009 - 06:42 PM

Hi. A few days ago I ran Spybot S&D (which I usually run about once a week) & it picked up Virtumonde with registry files & entries. Since then I have tried to use AVG, Spybot, & Live OneCare (Microsoft) to fix the issues. Spybot says that they are fixed but each time I reboot it is right back in the startup registry titled "senozama" & "feyimupa" & enabled to start-up at log-in. I really need help with removing these. Any help is very much appreciated. Thanks!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 19:23:42.42 on Tue 04/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.217 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9FR8QIY5\dds[1].scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {717a0aad-9e65-4ad1-a514-fa5a78314c9a} - c:\windows\system32\nunayeta.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232405805875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Filter: text/html - {0997cbcb-7fe6-4303-a2fb-c802ce748314} - c:\windows\system32\dsound3dd.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\feyimupa.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\feyimupa.dll
LSA: Notification Packages = scecli c:\windows\system32\vopeside.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-17 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-17 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-19 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

=============== Created Last 30 ================

2009-04-14 19:11 <DIR> --d----- c:\program files\Cobian Backup 8
2009-04-14 19:08 <DIR> --d----- c:\program files\Cobian Backup 5
2009-04-13 06:20 <DIR> --d----- c:\program files\Common
2009-03-20 20:03 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-04-13 19:29 64,000 a--sh--- c:\windows\system32\pulovuwi.exe
2009-04-13 07:14 63,488 a--sh--- c:\windows\system32\wumugaka.exe
2009-04-12 19:14 64,000 a--sh--- c:\windows\system32\gutenadu.exe
2009-04-12 19:14 109,056 a--sh--- c:\windows\system32\pikumivu.dll
2009-04-12 07:14 102,400 a--sh--- c:\windows\system32\dilevuso.dll
2009-04-11 19:14 70,656 a--sh--- c:\windows\system32\kinotige.dll
2009-04-10 21:48 100,864 a--sh--- c:\windows\system32\vumeburi.dll
2009-04-10 21:48 61,952 a--sh--- c:\windows\system32\kuzeyogi.exe
2009-03-20 20:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-31 22:43 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-17 01:44 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 19:24:19.14 ===============
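A quick triage pass over DDS "Pseudo HJT Report" and Find3M lines of the kind shown in this log, as an added example; this is not code from the thread or from the DDS tool. The rules are assumptions about what tends to separate injected load points from legitimate ones (orphaned entries, a BHO with no display name, an LSA notification package beyond scecli, SSODL/STS/Filter load points, hidden+system files dropped into system32, and the eight-letter consonant-vowel naming pattern of the files in this thread), and the reading of the Find3M attribute column as "s = system, h = hidden" is also an assumption. The sample lines are constructed from entries in the log above; a hit means "look closer", not "malicious".

```python
"""Heuristic triage of DDS 'Pseudo HJT Report' and Find3M lines.

Added example (not from the thread or from the DDS tool). The rules are
assumptions about what tends to separate injected load points from
legitimate ones; a hit means 'look closer', not 'malicious'.
"""
import re

# Constructed sample, modelled on entries that appear in the DDS log above.
SAMPLE_LOG = r"""
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
BHO: {717a0aad-9e65-4ad1-a514-fa5a78314c9a} - c:\windows\system32\nunayeta.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
Filter: text/html - {0997cbcb-7fe6-4303-a2fb-c802ce748314} - c:\windows\system32\dsound3dd.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\feyimupa.dll
LSA: Notification Packages = scecli c:\windows\system32\vopeside.dll
Notify: igfxcui - igfxsrvc.dll
2009-04-13 19:29 64,000 a--sh--- c:\windows\system32\pulovuwi.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
"""

# Find3M line: date time size attrs path.  Assumption: 's' and 'h' in the
# attribute column mean the system and hidden attributes are set.
FIND3M_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+(?P<attrs>\S{8})\s+(?P<path>.+)$"
)
# Module tokens; paths containing spaces yield only their last segment,
# which is enough because only the base name is used.
MODULE_RE = re.compile(r'[^\s"]+\.(?:dll|exe|sys|scr)\b', re.IGNORECASE)
# Eight letters alternating consonant/vowel, e.g. feyimupa, senozama
# (heuristic: the naming scheme of the dropped files in this thread).
CVCV_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
# Load points that legitimate software rarely uses; a hit deserves a manual check.
RARE_LOAD_POINTS = {"SSODL", "STS", "Filter"}


def module_names(line: str) -> list[str]:
    """Lower-cased base names of every .dll/.exe/.sys/.scr token on the line."""
    return [tok.rsplit("\\", 1)[-1].lower() for tok in MODULE_RE.findall(line)]


def looks_generated(basename: str) -> bool:
    """True when the file stem matches the consonant-vowel naming pattern."""
    return CVCV_RE.match(basename.rsplit(".", 1)[0]) is not None


def triage(report: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every line that trips at least one rule."""
    findings = []
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        reasons = []
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            if "s" in attrs and "h" in attrs and "\\system32\\" in path:
                reasons.append("hidden+system file placed in system32")
        else:
            key = line.split(":", 1)[0].strip()
            if "no file" in line.lower():
                reasons.append("load point whose target file is missing")
            if key == "BHO" and re.match(r"^BHO:\s*\{", line):
                reasons.append("BHO registered without a display name")
            if key == "LSA" and module_names(line):
                reasons.append("LSA notification package beyond scecli: "
                               + ", ".join(module_names(line)))
            if key in RARE_LOAD_POINTS:
                reasons.append(f"{key} load point is rarely used legitimately")
        for name in module_names(line):
            if looks_generated(name):
                reasons.append(f"pseudo-random module name {name}")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

Run against the constructed sample, six of the nine lines are flagged: the unnamed BHO, the toolbar entry with no file, the text/html filter, the SSODL entry, the extra LSA package and the hidden+system executable; the Spybot Run entry, the Intel Winlogon notify DLL and win32k.sys pass. The name heuristic is deliberately narrow (exactly eight letters, strict alternation), so it is used as one signal beside the load-point rules rather than on its own.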



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:34 AM

Posted 16 April 2009 - 01:03 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Chessca

Chessca
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:34 PM

Posted 16 April 2009 - 10:00 PM

Thanks a lot for your prompt response. Here is the Malwarebytes' log:

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 3

4/16/2009 10:18:46 PM
mbam-log-2009-04-16 (22-18-46).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 106643
Time elapsed: 30 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dsound3dd.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{717a0aad-9e65-4ad1-a514-fa5a78314c9a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{717a0aad-9e65-4ad1-a514-fa5a78314c9a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0997cbcb-7fe6-4303-a2fb-c802ce748314} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kinotige.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsound3dd.dll (Trojan.Downloader) -> Delete on reboot.

#4 Chessca

Chessca
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:34 PM

Posted 16 April 2009 - 10:05 PM

RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-04-16 22:25:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (78%) free of 57 GB
Total RAM: 766 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:21 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\F200JJAU\RSIT[1].exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [zuzosifofu] Rundll32.exe "C:\WINDOWS\system32\gekujoni.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zuzosifofu] Rundll32.exe "C:\WINDOWS\system32\gekujoni.dll",s (User 'NETWORK SERVICE')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232405805875
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {0997cbcb-7fe6-4303-a2fb-c802ce748314} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7296 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-20 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-22 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-22 126976]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-11-01 94208]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-06 49152]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-05 125208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c875ff2]
C:\WINDOWS\system32\senozama.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM5fb46c6e]
c:\windows\system32\feyimupa.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zuzosifofu]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Forget-Me-Not Flowerpot.lnk]
[]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-31 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-22 348160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\vopeside.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Owner\My Documents\My Music\LimeWire\LimeWire.exe"="C:\Documents and Settings\Owner\My Documents\My Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-04-16 22:25:57 ----D---- C:\Program Files\trend micro
2009-04-16 22:25:56 ----D---- C:\rsit
2009-04-16 21:45:48 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-04-16 21:45:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-16 21:45:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-14 19:11:28 ----D---- C:\Program Files\Cobian Backup 8
2009-04-14 19:08:09 ----D---- C:\Program Files\Cobian Backup 5
2009-04-13 06:20:29 ----D---- C:\Program Files\Common
2009-04-12 22:09:08 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-12 21:55:42 ----D---- C:\WINDOWS\Prefetch
2009-04-12 11:37:12 ----D---- C:\Config.Msi
2009-04-09 23:19:56 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-03-20 20:03:31 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-20 20:03:31 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-20 20:03:31 ----A---- C:\WINDOWS\system32\java.exe
2009-03-20 20:03:27 ----D---- C:\Program Files\Java
2009-03-17 19:26:47 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-03-11 00:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 00:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 00:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 00:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-26 10:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-12 01:12:38 ----D---- C:\Documents and Settings\Owner\Application Data\com.adobe.example.Forget-Me-Not-Flowerpot.7BA4C4142CD09162D0640E271AB2BF6AABA58333.1
2009-02-12 01:07:22 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-11 19:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-04 01:12:54 ----D---- C:\Program Files\Real
2009-02-04 01:12:54 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-02-04 01:12:49 ----D---- C:\Documents and Settings\Owner\Application Data\Real
2009-02-04 01:12:48 ----D---- C:\Program Files\Common Files\Real
2009-02-04 00:45:49 ----D---- C:\Documents and Settings\Owner\Application Data\Arcsoft
2009-02-04 00:13:37 ----A---- C:\WINDOWS\QuickInstall.INI
2009-02-04 00:08:24 ----D---- C:\Program Files\palmOne
2009-01-23 16:18:24 ----D---- C:\WINDOWS\ie7updates
2009-01-23 16:17:41 ----D---- C:\WINDOWS\WBEM
2009-01-23 16:16:29 ----HDC---- C:\WINDOWS\ie7
2009-01-23 16:16:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-23 16:15:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-20 21:46:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-20 21:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-20 21:35:03 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-01-20 21:35:03 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-01-20 21:33:24 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-01-19 20:06:19 ----A---- C:\WINDOWS\system32\iAlmCoIn_v4342.dll
2009-01-19 20:06:17 ----D---- C:\Drivers
2009-01-19 19:37:14 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-19 19:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-19 19:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-19 19:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-19 19:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-19 19:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-19 19:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-19 19:32:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-19 19:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-19 19:31:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-19 19:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-19 19:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-19 19:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-19 19:31:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-19 19:31:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-19 19:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-19 19:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-19 19:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-19 19:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-19 19:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-19 19:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-19 19:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-19 19:26:37 ----D---- C:\WINDOWS\system32\en-us
2009-01-19 19:26:36 ----D---- C:\WINDOWS\system32\scripting
2009-01-19 19:26:36 ----D---- C:\WINDOWS\l2schemas
2009-01-19 19:26:35 ----D---- C:\WINDOWS\system32\en
2009-01-19 19:26:34 ----D---- C:\WINDOWS\system32\bits
2009-01-19 19:22:54 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-19 19:20:30 ----D---- C:\WINDOWS\network diagnostic
2009-01-19 19:14:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-19 19:14:19 ----D---- C:\WINDOWS\EHome
2009-01-19 18:54:09 ----D---- C:\Documents and Settings\Owner\Application Data\Leadertech
2009-01-19 01:44:40 ----D---- C:\Documents and Settings\Owner\Application Data\acccore
2009-01-19 01:44:04 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-19 01:44:02 ----D---- C:\Program Files\Viewpoint
2009-01-19 01:44:02 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-01-19 01:43:53 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-01-19 01:43:53 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-01-19 01:43:06 ----D---- C:\Program Files\AIM6
2009-01-18 23:22:36 ----HD---- C:\$AVG8.VAULT$
2009-01-18 22:44:41 ----D---- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2009-01-18 22:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2009-01-18 22:44:13 ----D---- C:\Program Files\Winamp Remote
2009-01-18 22:43:05 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-01-18 22:43:05 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-18 22:43:05 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-01-18 22:43:05 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-01-18 22:42:58 ----D---- C:\Program Files\Winamp
2009-01-18 22:42:58 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2009-01-18 20:08:46 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2009-01-18 20:08:29 ----D---- C:\WINDOWS\Sun
2009-01-18 20:08:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-18 20:07:18 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2009-01-18 20:05:17 ----D---- C:\Program Files\LimeWire
2009-01-18 16:35:50 ----D---- C:\Documents and Settings\Owner\Application Data\Move Networks
2009-01-17 23:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-17 18:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-01-17 18:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-01-17 18:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-01-17 18:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-01-17 18:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-17 18:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-17 17:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$
2009-01-17 17:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-01-17 17:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-01-17 17:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-01-17 17:59:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-01-17 17:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960714_0$
2009-01-17 17:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-17 17:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-17 17:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-01-17 17:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-01-17 17:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-01-17 17:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-01-17 17:56:34 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-17 17:56:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-01-17 17:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-01-17 17:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-01-17 17:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-01-17 17:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-01-17 17:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-01-17 17:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-01-17 17:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-17 17:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-17 17:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-01-17 17:43:36 ----A---- C:\WINDOWS\system32\CNMVS47.DLL
2009-01-17 17:43:36 ----A---- C:\WINDOWS\system32\CNMLM47.DLL
2009-01-17 17:43:35 ----A---- C:\WINDOWS\system32\CNMCP47.exe
2009-01-17 17:43:34 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-01-17 16:53:28 ----D---- C:\Program Files\Microsoft Works
2009-01-17 16:53:02 ----D---- C:\Program Files\Microsoft Visual Studio
2009-01-17 16:53:02 ----D---- C:\Program Files\Common Files\DESIGNER
2009-01-17 16:51:54 ----D---- C:\Program Files\Microsoft.NET
2009-01-17 16:47:51 ----D---- C:\WINDOWS\SHELLNEW
2009-01-17 16:46:41 ----D---- C:\Program Files\Microsoft Office
2009-01-17 16:46:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-17 16:45:52 ----RHD---- C:\MSOCache
2009-01-17 16:23:02 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-17 16:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-17 15:51:53 ----RSD---- C:\WINDOWS\assembly
2009-01-17 15:51:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-17 15:51:51 ----D---- C:\WINDOWS\system32\URTTemp
2009-01-17 15:46:14 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2009-01-17 15:31:03 ----D---- C:\WINDOWS\pss
2009-01-17 15:23:16 ----D---- C:\Documents and Settings\Owner\Application Data\Yahoo!
2009-01-17 15:20:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-17 15:20:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-17 15:19:17 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-17 15:19:08 ----D---- C:\Program Files\Yahoo!
2009-01-17 15:09:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-17 15:09:07 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2009-01-17 15:09:00 ----D---- C:\Program Files\AVG
2009-01-17 15:08:59 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-17 14:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-01-17 14:40:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-17 14:40:24 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-17 14:40:08 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-17 14:39:57 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-17 14:39:02 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-17 14:38:24 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-17 14:38:14 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-17 14:38:12 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-17 14:37:25 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-17 13:48:42 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2009-01-17 13:48:32 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-01-17 13:48:30 ----D---- C:\Program Files\Common Files\Adobe
2009-01-17 13:27:54 ----D---- C:\Program Files\Sonic
2009-01-17 13:27:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-17 13:27:18 ----D---- C:\Program Files\Analog Devices
2009-01-17 13:27:18 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-01-17 13:27:18 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-01-17 13:27:18 ----A---- C:\WINDOWS\system32\a3d.dll
2009-01-17 13:12:48 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-01-17 13:12:11 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-01-17 13:11:45 ----D---- C:\Program Files\Common Files\TiVo Shared
2009-01-17 13:11:42 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-01-17 13:10:53 ----D---- C:\WINDOWS\system32\DLA
2009-01-17 13:10:53 ----A---- C:\WINDOWS\wininit.ini
2009-01-17 13:10:53 ----A---- C:\WINDOWS\system32\DLAAPI_W.DLL
2009-01-17 13:10:53 ----A---- C:\WINDOWS\DLA.EXE
2009-01-17 13:09:45 ----D---- C:\Program Files\Roxio
2009-01-17 13:09:42 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-01-17 13:07:47 ----D---- C:\Program Files\Intel
2009-01-17 13:01:10 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-17 03:22:27 ----A---- C:\WINDOWS\ModemLog_Conexant SmartHSFi V.9x 56K DF PCI Modem.txt
2009-01-17 03:10:56 ----D---- C:\Program Files\Dell Movie Studio
2009-01-17 02:33:34 ----D---- C:\Program Files\CONEXANT
2009-01-17 02:33:26 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-17 02:33:26 ----A---- C:\WINDOWS\system32\HSFCI006.dll
2009-01-17 02:16:53 ----SHD---- C:\RECYCLER
2009-01-17 02:15:17 ----D---- C:\WINDOWS\RegisteredPackages
2009-01-17 02:14:47 ----D---- C:\Program Files\Dell
2009-01-17 02:14:47 ----A---- C:\WINDOWS\UNWISE.EXE
2009-01-17 02:14:25 ----D---- C:\Program Files\MUSICMATCH
2009-01-17 02:14:07 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2009-01-17 02:04:16 ----D---- C:\Program Files\Common Files\AOL
2009-01-17 02:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-17 02:04:10 ----D---- C:\Program Files\Adobe
2009-01-17 02:01:57 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2009-01-17 02:01:56 ----A---- C:\WINDOWS\system32\RcdScan.dll
2009-01-17 02:01:55 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-01-17 02:00:55 ----D---- C:\Documents and Settings\Owner\Application Data\CyberLink
2009-01-17 02:00:24 ----D---- C:\Program Files\CyberLink
2009-01-17 01:57:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-17 01:57:28 ----D---- C:\WINDOWS\Drivers
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxhk.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxeud.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxdiag.exe
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxdgps.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\ialmrem.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\ialmgicd.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\ialmgdev.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\iAlmCoIn_v3762.dll
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-01-17 01:57:28 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-01-17 01:54:59 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-17 01:54:56 ----D---- C:\Program Files\Broadcom
2009-01-17 01:54:49 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-17 01:52:26 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2009-01-17 01:52:24 ----HD---- C:\Program Files\Uninstall Information
2009-01-17 01:52:17 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2009-01-17 01:52:16 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-01-17 01:52:10 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-17 01:52:07 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-17 01:52:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-17 01:48:52 ----D---- C:\WINDOWS\system32\xircom
2009-01-17 01:48:52 ----D---- C:\Program Files\xerox
2009-01-17 01:48:52 ----D---- C:\Program Files\microsoft frontpage
2009-01-17 01:48:49 ----D---- C:\DELL
2009-01-17 01:48:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-17 01:48:32 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-01-17 01:48:20 ----A---- C:\WINDOWS\control.ini
2009-01-17 01:48:20 ----A---- C:\AUTOEXEC.BAT
2009-01-17 01:48:03 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-17 01:47:59 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-17 01:47:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-17 01:47:01 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-17 01:47:01 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-17 01:46:54 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-17 01:46:49 ----HD---- C:\Program Files\WindowsUpdate
2009-01-17 01:46:29 ----D---- C:\WINDOWS\system32\DirectX
2009-01-17 01:45:55 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-17 01:45:49 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-17 01:45:49 ----A---- C:\WINDOWS\desktop.ini
2009-01-17 01:45:41 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-17 01:45:40 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-17 01:45:38 ----D---- C:\Program Files\Common Files\Services
2009-01-17 01:45:36 ----SD---- C:\WINDOWS\Tasks
2009-01-17 01:45:36 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-17 01:45:34 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-17 01:45:28 ----D---- C:\WINDOWS\srchasst
2009-01-17 01:45:26 ----D---- C:\WINDOWS\system32\Macromed
2009-01-17 01:45:21 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-17 01:45:21 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-17 01:45:21 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-17 01:45:21 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-17 01:45:20 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-17 01:45:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-17 01:45:20 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-17 01:45:20 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-17 01:45:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-17 01:45:19 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-17 01:45:19 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-17 01:45:19 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-17 01:45:19 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-17 01:45:08 ----D---- C:\Program Files\Movie Maker
2009-01-17 01:45:02 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-17 01:45:02 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-17 01:45:02 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-17 01:45:02 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-17 01:44:58 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-01-17 01:44:58 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-17 01:44:57 ----D---- C:\WINDOWS\system32\Restore
2009-01-17 01:44:57 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-17 01:44:57 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-17 01:44:57 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-17 01:44:55 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-17 01:44:55 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-17 01:44:55 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-17 01:44:55 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-17 01:44:55 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-17 01:44:54 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-17 01:44:52 ----D---- C:\Program Files\NetMeeting
2009-01-17 01:44:51 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-17 01:44:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-17 01:44:50 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-17 01:44:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-17 01:44:47 ----D---- C:\Program Files\Outlook Express
2009-01-17 01:44:47 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-17 01:44:45 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-17 01:44:45 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-17 01:44:44 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-17 01:44:44 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-17 01:44:44 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-17 01:44:43 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-17 01:44:35 ----D---- C:\Program Files\Common Files\System
2009-01-17 01:44:32 ----D---- C:\Program Files\Internet Explorer
2009-01-17 01:44:19 ----D---- C:\Program Files\ComPlus Applications
2009-01-17 01:44:17 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-17 01:44:17 ----A---- C:\WINDOWS\vb.ini
2009-01-17 01:44:12 ----D---- C:\WINDOWS\Registration
2009-01-17 01:43:38 ----D---- C:\Program Files\Windows Media Player
2009-01-17 01:43:38 ----D---- C:\Program Files\Online Services
2009-01-17 01:43:33 ----D---- C:\Program Files\Messenger
2009-01-17 01:43:30 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-17 01:43:30 ----A---- C:\WINDOWS\system32\write.exe
2009-01-17 01:43:22 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-17 01:43:22 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-17 01:43:22 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-17 01:43:22 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-17 01:43:22 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-17 01:43:21 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-17 01:43:16 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-17 01:43:16 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-17 01:43:16 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-17 01:43:15 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-17 01:43:15 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-17 01:43:15 ----A---- C:\WINDOWS\system32\sol.exe
2009-01-17 01:43:15 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-17 01:43:15 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-01-17 01:43:15 ----A---- C:\WINDOWS\system32\freecell.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-17 01:43:14 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-17 01:43:13 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-17 01:43:13 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-17 01:43:13 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-17 01:43:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-17 01:43:13 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-17 01:43:13 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-17 01:43:12 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-17 01:43:12 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-17 01:43:08 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-17 01:42:58 ----D---- C:\Program Files\MSN
2009-01-17 01:42:57 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-01-17 01:42:57 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-17 01:42:57 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-01-17 01:42:56 ----D---- C:\Program Files\Windows NT
2009-01-17 01:42:56 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-17 01:42:56 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-01-17 01:42:56 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-17 01:42:55 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-17 01:42:55 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-17 01:42:55 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-17 01:42:54 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-17 01:42:53 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-17 01:42:53 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-17 01:42:53 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-17 01:42:53 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-17 01:42:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-17 01:42:53 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-17 01:42:53 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-17 01:42:52 ----D---- C:\WINDOWS\system32\Com
2009-01-17 01:42:52 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-17 01:42:52 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-17 01:42:52 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-17 01:42:52 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-17 01:42:52 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-17 01:42:51 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-17 01:42:51 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-17 01:42:51 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-17 01:42:51 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-17 01:42:50 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-17 01:42:50 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-17 01:42:46 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-17 01:42:46 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-17 01:42:46 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-17 01:42:46 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 3 months======

2009-04-16 22:25:57 ----RD---- C:\Program Files
2009-04-16 22:20:52 ----D---- C:\WINDOWS\system32\drivers
2009-04-16 22:20:52 ----D---- C:\WINDOWS\system32
2009-04-16 21:40:51 ----D---- C:\WINDOWS\Temp
2009-04-15 21:17:49 ----SH---- C:\boot.ini
2009-04-15 21:17:49 ----A---- C:\WINDOWS\win.ini
2009-04-15 21:17:49 ----A---- C:\WINDOWS\system.ini
2009-04-14 07:52:57 ----SHD---- C:\System Volume Information
2009-04-14 07:30:01 ----D---- C:\WINDOWS
2009-04-13 19:41:03 ----HD---- C:\WINDOWS\inf
2009-04-13 19:40:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-13 19:29:38 ----ASH---- C:\WINDOWS\system32\pulovuwi.exe
2009-04-13 07:14:27 ----ASH---- C:\WINDOWS\system32\wumugaka.exe
2009-04-12 22:04:32 ----D---- C:\WINDOWS\Media
2009-04-12 19:14:14 ----ASH---- C:\WINDOWS\system32\gutenadu.exe
2009-04-12 19:14:06 ----ASH---- C:\WINDOWS\system32\pikumivu.dll
2009-04-12 11:37:12 ----SHD---- C:\WINDOWS\Installer
2009-04-12 07:14:01 ----ASH---- C:\WINDOWS\system32\dilevuso.dll
2009-04-10 21:51:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-10 21:48:59 ----ASH---- C:\WINDOWS\system32\vumeburi.dll
2009-04-10 21:48:54 ----ASH---- C:\WINDOWS\system32\kuzeyogi.exe
2009-03-11 00:03:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 00:02:55 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 00:02:52 ----D---- C:\WINDOWS\WinSxS
2009-03-09 19:52:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-27 01:02:23 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-12 01:07:22 ----D---- C:\Program Files\Common Files
2009-01-23 16:21:10 ----D---- C:\WINDOWS\Help
2009-01-21 00:26:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-19 19:36:30 ----A---- C:\WINDOWS\setuplog.txt
2009-01-19 19:35:55 ----D---- C:\WINDOWS\system32\Setup
2009-01-19 19:35:55 ----D---- C:\WINDOWS\AppPatch
2009-01-19 19:35:54 ----D---- C:\WINDOWS\system32\wbem
2009-01-19 19:35:53 ----RSD---- C:\WINDOWS\Fonts
2009-01-19 19:35:15 ----D---- C:\WINDOWS\security
2009-01-19 19:26:53 ----D---- C:\WINDOWS\ime
2009-01-19 19:26:37 ----D---- C:\WINDOWS\system32\usmt
2009-01-19 19:26:34 ----D---- C:\WINDOWS\PeerNet
2009-01-19 19:22:49 ----D---- C:\WINDOWS\system32\npp
2009-01-19 19:22:48 ----D---- C:\WINDOWS\msagent
2009-01-19 19:22:17 ----D---- C:\WINDOWS\system32\oobe
2009-01-19 19:22:15 ----D---- C:\WINDOWS\system
2009-01-17 20:46:42 ----D---- C:\WINDOWS\Debug
2009-01-17 16:54:46 ----D---- C:\WINDOWS\system32\config
2009-01-17 14:47:45 ----D---- C:\WINDOWS\pchealth
2009-01-17 01:52:16 ----D---- C:\Documents and Settings
2009-01-17 01:48:51 ----D---- C:\WINDOWS\repair
2009-01-17 01:48:00 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-17 01:47:47 ----D---- C:\WINDOWS\system32\ias
2009-01-17 01:47:05 ----RD---- C:\WINDOWS\Web
2009-01-17 01:43:27 ----D---- C:\WINDOWS\Cursors
2009-01-17 01:42:19 ----D---- C:\WINDOWS\system32\spool

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-31 107272]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-07-02 1063936]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-07-02 202368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-22 807998]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-07-02 631680]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-04-12 16509]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-20 152984]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#5 Chessca

  • Topic Starter

  • Members
  • 9 posts

Posted 16 April 2009 - 10:07 PM

RSIT info

info.txt logfile of random's system information tool 1.06 2009-04-16 22:26:27

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom Driver Installer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Canon i320-->C:\WINDOWS\system32\CNMCP47.exe "-PRINTERNAMECanon i320" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i320 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Cobian Backup 8-->C:\Program Files\Cobian Backup 8\cbUninstall.exe
Conexant SmartHSFi V.9x 56K DF PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Movie Studio Diagnostics-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{9ED6519B-324A-4C66-98EE-E3F54281BA78}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell62402-67077_Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{918E5D0B-ACF9-438D-BFC4-697863CB0528}\Setup.exe" -l0x9 -L0x9
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java™ 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Palm Desktop-->MsiExec.exe /X{F1E906E7-1120-428D-A124-4938C306427E}
PowerDVD 5.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: CHESSCA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 1528
Source Name: Service Control Manager
Time Written: 20090212223341.000000-300
Event Type: error
User:

Computer Name: CHESSCA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 1525
Source Name: Service Control Manager
Time Written: 20090212223341.000000-300
Event Type: error
User:

Computer Name: CHESSCA
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 1522
Source Name: Service Control Manager
Time Written: 20090212223341.000000-300
Event Type: error
User:

Computer Name: CHESSCA
Event Code: 10010
Message: The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register with DCOM within the required timeout.

Record Number: 1463
Source Name: DCOM
Time Written: 20090211201139.000000-300
Event Type: error
User: CHESSCA\Owner

Computer Name: CHESSCA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 877
Source Name: Tcpip
Time Written: 20090121181144.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: CHESSCA
Event Code: 1002
Message: Hanging application TeaTimer.exe, version 1.6.3.25, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 743
Source Name: Application Hang
Time Written: 20090413070303.000000-240
Event Type: error
User:

Computer Name: CHESSCA
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16791, faulting module yt.dll, version 2009.3.13.2, fault address 0x00086350.

Record Number: 741
Source Name: Application Error
Time Written: 20090412220700.000000-240
Event Type: error
User:

Computer Name: CHESSCA
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16791, faulting module yt.dll, version 2009.3.13.2, fault address 0x00086350.

Record Number: 739
Source Name: Application Error
Time Written: 20090412220442.000000-240
Event Type: error
User:

Computer Name: CHESSCA
Event Code: 1002
Message: Hanging application avgtray.exe, version 8.0.0.223, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 730
Source Name: Application Hang
Time Written: 20090412213143.000000-240
Event Type: error
User:

Computer Name: CHESSCA
Event Code: 1002
Message: Hanging application avgtray.exe, version 8.0.0.223, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 729
Source Name: Application Hang
Time Written: 20090412213140.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;;C:\Program Files\Sonic\MyDVD;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

#6 Chessca

Chessca
  • Topic Starter

  • Members
  • 9 posts

Posted 16 April 2009 - 10:09 PM

Here are the GMER results:

Attached Files



#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 16 April 2009 - 10:42 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 Chessca

Chessca
  • Topic Starter

  • Members
  • 9 posts

Posted 17 April 2009 - 05:57 PM

I think I may have been a bit confused, but let's see if I did this correctly....

ComboFix Log:

ComboFix 09-04-18.01 - Owner 04/17/2009 18:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.404 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dilevuso.dll
c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 11:20 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 11:20 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 11:20 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 11:20 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 11:20 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 11:20 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 11:20 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 11:20 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 11:20 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 11:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 11:19 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 11:19 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 02:25 . 2009-04-17 02:26 -------- d-----w C:\rsit
2009-04-17 01:45 . 2009-04-17 01:45 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-17 01:45 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-17 01:45 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 01:45 . 2009-04-17 01:45 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 03:19 . 2009-04-10 13:18 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 00:03 . 2009-03-21 00:03 73728 ----a-w c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 11:43 . 2009-01-17 20:46 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 02:26 . 2009-04-17 02:25 -------- d-----w c:\program files\trend micro
2009-04-17 02:22 . 2009-01-19 02:44 -------- d-----w c:\program files\Winamp Remote
2009-04-17 01:45 . 2009-04-17 01:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 23:13 . 2009-04-14 23:08 -------- d-----w c:\program files\Cobian Backup 5
2009-04-14 23:11 . 2009-04-14 23:11 -------- d-----w c:\program files\Cobian Backup 8
2009-04-14 11:17 . 2009-01-17 19:08 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-14 11:08 . 2009-04-13 02:09 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-14 04:15 . 2009-04-13 10:20 -------- d-----w c:\program files\Common
2009-04-13 23:29 . 2009-01-13 23:29 64000 --sha-w c:\windows\system32\pulovuwi.exe
2009-04-13 12:20 . 2009-01-17 19:20 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-13 12:11 . 2009-01-17 19:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-13 11:14 . 2009-01-13 11:14 63488 --sha-w c:\windows\system32\wumugaka.exe
2009-04-12 23:14 . 2009-01-12 23:14 64000 --sha-w c:\windows\system32\gutenadu.exe
2009-04-12 23:14 . 2009-01-12 23:14 109056 --sha-w c:\windows\system32\pikumivu.dll
2009-04-11 01:48 . 2009-01-11 01:48 100864 --sha-w c:\windows\system32\vumeburi.dll
2009-04-11 01:48 . 2009-01-11 01:48 61952 --sha-w c:\windows\system32\kuzeyogi.exe
2009-04-10 03:20 . 2009-01-17 19:19 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-10 03:20 . 2009-01-17 19:19 -------- d-----w c:\program files\Yahoo!
2009-03-21 00:03 . 2009-01-19 00:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 00:03 . 2009-03-21 00:03 -------- d-----w c:\program files\Java
2009-03-17 23:26 . 2009-03-17 23:26 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-11 03:57 . 2009-01-17 17:48 -------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 10:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 04:10 . 2009-01-19 00:08 -------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-02-09 12:10 . 2004-08-04 10:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 10:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2005-03-30 01:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-30 01:23 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 10:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-01 02:43 . 2009-01-17 19:09 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-26 02:03 . 2009-01-17 05:53 75424 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-19 23:19 . 2004-08-04 10:00 250048 --sha-r C:\ntldr
2009-01-19 22:49 . 2009-01-19 22:49 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-01-19 05:44 . 2009-01-17 06:04 677 ---ha-w C:\IPH.PH
2009-01-11 01:43 . 2009-01-11 01:43 69120 --sha-w c:\windows\system32\batiweja.dll.tmp
2009-01-11 01:43 . 2009-01-11 01:43 69120 --sha-w c:\windows\system32\wuholove.dll.tmp
2009-01-11 01:43 . 2009-01-11 01:43 69120 --sha-w c:\windows\system32\zetoyago.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 02:43 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Forget-Me-Not Flowerpot.lnk]
backup=c:\windows\pss\Forget-Me-Not Flowerpot.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zuzosifofu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w c:\program files\AIM6\aim6.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-01 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-01 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-01 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-5c875ff2 - c:\windows\system32\senozama.dll
MSConfigStartUp-CPM5fb46c6e - c:\windows\system32\feyimupa.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 18:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Winamp Remote\bin\Orb.exe
.
**************************************************************************
.
Completion time: 2009-04-17 18:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 22:45

Pre-Run: 46,610,157,568 bytes free
Post-Run: 46,562,627,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

167 --- E O F --- 2009-04-17 11:46





DDS Log:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:52:23.87 on Fri 04/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.393 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZMG5BB4R\dds[1].scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232405805875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-17 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-17 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-19 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

=============== Created Last 30 ================

2009-04-17 18:37 <DIR> a-dshr-- C:\cmdcons
2009-04-17 18:35 161,792 a------- c:\windows\SWREG.exe
2009-04-17 18:35 98,816 a------- c:\windows\sed.exe
2009-04-17 07:20 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 07:20 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 07:20 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 07:20 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 07:20 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 07:20 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 07:20 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 07:20 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 07:20 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 07:19 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-17 07:19 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 07:19 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 22:25 <DIR> --d----- c:\program files\trend micro
2009-04-16 21:45 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-16 21:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-16 21:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 21:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-16 21:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-14 19:11 <DIR> --d----- c:\program files\Cobian Backup 8
2009-04-14 19:08 <DIR> --d----- c:\program files\Cobian Backup 5
2009-04-13 06:20 <DIR> --d----- c:\program files\Common
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-20 20:03 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-04-13 19:29 64,000 a--sh--- c:\windows\system32\pulovuwi.exe
2009-04-13 07:14 63,488 a--sh--- c:\windows\system32\wumugaka.exe
2009-04-12 19:14 64,000 a--sh--- c:\windows\system32\gutenadu.exe
2009-04-12 19:14 109,056 a--sh--- c:\windows\system32\pikumivu.dll
2009-04-10 21:48 100,864 a--sh--- c:\windows\system32\vumeburi.dll
2009-04-10 21:48 61,952 a--sh--- c:\windows\system32\kuzeyogi.exe
2009-03-20 20:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-31 22:43 10,520 a------- c:\windows\system32\avgrsstx.dll

============= FINISH: 18:52:48.17 ===============

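The Find3M section of the DDS log above is where the infection is visible before ComboFix names it: six files sitting directly in system32, all modified within days of each other, all carrying the hidden and system attributes (the `s` and `h` in `a--sh---`), all with eight-letter pseudo-random names. The following parser and triage heuristic is an added example by the editor, not something posted in this thread and not part of DDS or ComboFix. It assumes only the line layout visible in the log (date, time, size or `<DIR>`, an eight-character attribute string, path); the scoring rule itself is the editor's assumption, chosen so that the attribute signal outweighs the name pattern, because legitimate files such as `deploytk.dll` and `avgrsstx.dll` also have eight-letter names.

```python
"""Triage helper for DDS 'Find3M' output (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the nine Find3M lines from the DDS log posted in
# this thread. The first six are the files ComboFix later deleted; the last
# three are legitimate Windows/Java/AVG files that happen to sit beside them.
SAMPLE_FIND3M = r"""
==================== Find3M ====================

2009-04-13 19:29 64,000 a--sh--- c:\windows\system32\pulovuwi.exe
2009-04-13 07:14 63,488 a--sh--- c:\windows\system32\wumugaka.exe
2009-04-12 19:14 64,000 a--sh--- c:\windows\system32\gutenadu.exe
2009-04-12 19:14 109,056 a--sh--- c:\windows\system32\pikumivu.dll
2009-04-10 21:48 100,864 a--sh--- c:\windows\system32\vumeburi.dll
2009-04-10 21:48 61,952 a--sh--- c:\windows\system32\kuzeyogi.exe
2009-03-20 20:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-01-31 22:43 10,520 a------- c:\windows\system32\avgrsstx.dll
"""

# One Find3M line: date, time, size (or <DIR>), 8-char attribute string, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

SYSTEM32 = "c:\\windows\\system32\\"
# Assumed heuristic: an eight-letter lowercase stem, as in the files in this thread.
EIGHT_LETTER = re.compile(r"^[a-z]{8}\.(?:exe|dll)$")


@dataclass
class Entry:
    date: str
    size: Optional[int]   # None for <DIR> lines
    attrs: str            # e.g. "a--sh---"
    path: str             # lower-cased full path

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_find3m(text: str) -> List[Entry]:
    """Parse the file lines of a DDS Find3M (or Created Last 30) section."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        raw_size = m["size"]
        size = None if raw_size == "<DIR>" else int(raw_size.replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"].lower()))
    return entries


def in_system32_root(path: str) -> bool:
    """True for a file directly in system32 (not in dllcache or drivers)."""
    return path.startswith(SYSTEM32) and "\\" not in path[len(SYSTEM32):]


def score(entry: Entry) -> Tuple[int, List[str]]:
    """Score one entry; hidden+system weighs more than the name pattern alone."""
    points, reasons = 0, []
    if entry.size is None or not in_system32_root(entry.path):
        return 0, reasons
    if "h" in entry.attrs and "s" in entry.attrs:
        points += 2
        reasons.append("hidden+system attributes on a recently changed system32 file")
    if EIGHT_LETTER.match(entry.name):
        points += 1
        reasons.append("eight-letter lowercase name (weak on its own)")
    return points, reasons


def triage(text: str, threshold: int = 2) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries scoring at or above the threshold."""
    hits = []
    for entry in parse_find3m(text):
        points, reasons = score(entry)
        if points >= threshold:
            hits.append((entry.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FIND3M):
        print(path, "->", "; ".join(reasons))
```

Run against the sample, the six Virtumonde files score 3 and are reported; `deploytk.dll` and `avgrsstx.dll` score only 1 for their names and stay below the threshold, which is the reason the name pattern is kept as a tie-breaker rather than a rule of its own. The same parser accepts the "Created Last 30" lines, so a helper could feed both sections through `triage` when reading a fresh DDS log.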



#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 17 April 2009 - 09:16 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.bleepingcomputer.com/forums/index.php?showtopic=219469&view=findpost&p=1227737

KillAll::

Collect::
c:\windows\system32\pulovuwi.exe
c:\windows\system32\wumugaka.exe
c:\windows\system32\gutenadu.exe
c:\windows\system32\pikumivu.dll
c:\windows\system32\vumeburi.dll
c:\windows\system32\kuzeyogi.exe
c:\windows\system32\batiweja.dll.tmp
c:\windows\system32\wuholove.dll.tmp
c:\windows\system32\zetoyago.dll.tmp

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


**Note**

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • Simply follow the instructions to copy/paste/send the requested file.
Note::
If Combofix fails to upload the file, please find C:\Qoobox\Quarantined Files\Submit(Time and date here).zip and upload it at this site

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Chessca

Chessca
  • Topic Starter

  • Members
  • 9 posts

Posted 18 April 2009 - 12:40 AM

I submitted the requested folder separately.


ComboFix 09-04-18.03 - Owner 04/18/2009 1:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.374 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gutenadu.exe
c:\windows\system32\kuzeyogi.exe
c:\windows\system32\pikumivu.dll
c:\windows\system32\pulovuwi.exe
c:\windows\system32\vumeburi.dll
c:\windows\system32\wuholove.dll.tmp
c:\windows\system32\wumugaka.exe
c:\windows\system32\zetoyago.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-17 11:20 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 11:20 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 11:20 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 11:20 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 11:20 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 11:20 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 11:20 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 11:20 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 11:20 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 11:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 11:19 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 11:19 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 02:25 . 2009-04-17 02:26 -------- d-----w C:\rsit
2009-04-17 01:45 . 2009-04-17 01:45 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-17 01:45 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-17 01:45 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 01:45 . 2009-04-17 01:45 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 03:19 . 2009-04-10 13:18 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 00:03 . 2009-03-21 00:03 73728 ----a-w c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 11:43 . 2009-01-17 20:46 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 02:26 . 2009-04-17 02:25 -------- d-----w c:\program files\trend micro
2009-04-17 02:22 . 2009-01-19 02:44 -------- d-----w c:\program files\Winamp Remote
2009-04-17 01:45 . 2009-04-17 01:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 23:13 . 2009-04-14 23:08 -------- d-----w c:\program files\Cobian Backup 5
2009-04-14 23:11 . 2009-04-14 23:11 -------- d-----w c:\program files\Cobian Backup 8
2009-04-14 11:17 . 2009-01-17 19:08 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-14 11:08 . 2009-04-13 02:09 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-14 04:15 . 2009-04-13 10:20 -------- d-----w c:\program files\Common
2009-04-13 12:20 . 2009-01-17 19:20 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-13 12:11 . 2009-01-17 19:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 03:20 . 2009-01-17 19:19 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-10 03:20 . 2009-01-17 19:19 -------- d-----w c:\program files\Yahoo!
2009-03-21 00:03 . 2009-01-19 00:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 00:03 . 2009-03-21 00:03 -------- d-----w c:\program files\Java
2009-03-17 23:26 . 2009-03-17 23:26 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-11 03:57 . 2009-01-17 17:48 -------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 10:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 04:10 . 2009-01-19 00:08 -------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-02-09 12:10 . 2004-08-04 10:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 10:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2005-03-30 01:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-30 01:23 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 10:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-01 02:43 . 2009-01-17 19:09 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-26 02:03 . 2009-01-17 05:53 75424 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-19 23:19 . 2004-08-04 10:00 250048 --sha-r C:\ntldr
2009-01-19 22:49 . 2009-01-19 22:49 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-01-19 05:44 . 2009-01-17 06:04 677 ---ha-w C:\IPH.PH
.

((((((((((((((((((((((((((((( SnapShot@2009-04-17_22.42.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-18 05:23 . 2009-04-18 05:23 16384 c:\windows\temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 02:43 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Forget-Me-Not Flowerpot.lnk]
backup=c:\windows\pss\Forget-Me-Not Flowerpot.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w c:\program files\AIM6\aim6.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-01 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-01 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-01 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 01:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Winamp Remote\bin\Orb.exe
.
**************************************************************************
.
Completion time: 2009-04-18 1:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 05:27
ComboFix2.txt 2009-04-17 22:45

Pre-Run: 46,565,101,568 bytes free
Post-Run: 46,569,586,688 bytes free

158 --- E O F --- 2009-04-17 11:46




DDS Log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 1:36:06.89 on Sat 04/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.246 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CV0E9K97\dds[1].scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232405805875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-17 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-17 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-19 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

=============== Created Last 30 ================

2009-04-17 18:37 <DIR> a-dshr-- C:\cmdcons
2009-04-17 18:35 161,792 a------- c:\windows\SWREG.exe
2009-04-17 18:35 98,816 a------- c:\windows\sed.exe
2009-04-17 07:20 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 07:20 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 07:20 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 07:20 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 07:20 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 07:20 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 07:20 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 07:20 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 07:20 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 07:19 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-17 07:19 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 07:19 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 22:25 <DIR> --d----- c:\program files\trend micro
2009-04-16 21:45 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-16 21:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-16 21:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 21:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-16 21:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-14 19:11 <DIR> --d----- c:\program files\Cobian Backup 8
2009-04-14 19:08 <DIR> --d----- c:\program files\Cobian Backup 5
2009-04-13 06:20 <DIR> --d----- c:\program files\Common
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-20 20:03 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-03-20 20:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-31 22:43 10,520 a------- c:\windows\system32\avgrsstx.dll

============= FINISH: 1:36:47.00 ===============




#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 18 April 2009 - 03:52 AM

Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 Chessca

Chessca
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 18 April 2009 - 12:45 PM

The computer is doing so much better! I haven't seen any pop-ups or error messages.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, April 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 18, 2009 17:38:01
Records in database: 2058754
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 38926
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:15:17


File name / Threat name / Threats count
C:\Qoobox\Quarantine\[4]-Submit_2009-04-18@1.18.zip Infected: Trojan-Downloader.Win32.FraudLoad.edk 1

The selected area was scanned.
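The single hit in the report above sits under C:\Qoobox\Quarantine, which is ComboFix's quarantine folder, so it is an already-neutralised copy rather than a live file. As an added example (not code from the thread or from any tool posted in it), a small Python parser for the Kaspersky report's detection table that separates quarantined copies from objects that still need attention; the quarantine path list and the second sample row are constructed assumptions.

```python
import re

# Constructed sample input: the first detection row is the one pasted in the
# thread, the second is a made-up contrast case (not from the original report).
REPORT_FROM_THREAD = """\
File name / Threat name / Threats count
C:\\Qoobox\\Quarantine\\[4]-Submit_2009-04-18@1.18.zip Infected: Trojan-Downloader.Win32.FraudLoad.edk 1

The selected area was scanned.
"""
REPORT_WITH_LIVE_HIT = REPORT_FROM_THREAD.replace(
    "\n\nThe selected",
    "\nC:\\Documents and Settings\\Owner\\Local Settings\\Temp\\constructed.exe"
    " Infected: Constructed.Sample.Name 1\n\nThe selected",
)

# Path fragments that mark a tool's quarantine folder (assumed list; Qoobox is
# ComboFix's quarantine, which is where the thread's only hit lives).
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\quarantine\\")

# One detection row: <path> Infected|Suspicious: <threat name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


def parse_detections(report: str) -> list[dict]:
    """One dict per detection row; 'active' is False when the object sits in a
    quarantine folder, i.e. it is an already-neutralised copy, not a live file."""
    rows, in_table = [], False
    for line in report.splitlines():
        if line.startswith("File name / Threat name / Threats count"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        m = DETECTION_RE.match(line)
        if not m:
            break  # "The selected area was scanned." closes the table
        row = m.groupdict()
        row["count"] = int(row["count"])
        row["active"] = not any(mk in row["path"].lower() for mk in QUARANTINE_MARKERS)
        rows.append(row)
    return rows


def needs_followup(report: str) -> bool:
    """True when at least one detection lies outside a quarantine folder."""
    return any(row["active"] for row in parse_detections(report))
```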

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 18 April 2009 - 01:59 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 Chessca

Chessca
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 18 April 2009 - 07:46 PM

My computer is running great! I don't see any problems. Web pages are loading quickly and properly and all seems to be in order. Thanks a lot for all your help. It is very much appreciated!

Thanks again,
Chessca :thumbup2:



