
vemumise.dll pop-ups and slow performance


17 replies to this topic

#1 Dholy

Posted 28 April 2009 - 09:22 PM

Hi, I have Windows XP. I keep getting this alert on my computer (System32/vemumise.dll/ bad image/). I think it is within System32, but I don't know. My computer is running slow and it seems to be processing a lot of programs at once. I installed RegCure and it helped a little. What can I do? Thank you

DDS (Ver_09-03-16.01) - NTFSx86
Run by Junior at 19:06:31.31 on Tue 04/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.191.41 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Junior\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {59879fa4-4790-461c-a1cc-4ec4de4ca483} - RXResultTracker Class
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
mRun: [EPSON Stylus Photo R200 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R200"
mRun: [CPMbfe4f11b] Rundll32.exe "c:\windows\system32\ririzaki.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492NYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127779937468
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127779925359
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\vemumise.dll c:\windows\system32\ririzaki.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} -
STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}: STS
LSA: Notification Packages = c:\windows\system32\vemumise.dll scecli

============= SERVICES / DRIVERS ===============

S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [2007-4-14 39048]

=============== Created Last 30 ================

2009-04-26 20:29 <DIR> --d----- c:\program files\Exterminate It!
2009-04-26 20:23 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-26 20:23 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-04-26 20:21 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-04-26 20:17 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-04-26 18:38 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-04-26 18:38 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-04-26 18:38 <DIR> --d----- c:\program files\Prevx
2009-04-26 18:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-04-26 18:37 65 a------- c:\windows\wininit.ini
2009-04-26 18:16 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-26 16:34 <DIR> --d----- c:\program files\Windows Live Safety CenterRebootActions
2009-04-26 08:18 1,407,002 ---sh--- c:\windows\system32\ulihovim.ini
2009-04-25 09:49 <DIR> --d----- c:\windows\system32\scripting
2009-04-25 09:49 <DIR> --d----- c:\windows\l2schemas
2009-04-25 09:48 <DIR> --d----- c:\windows\system32\en
2009-04-25 09:48 <DIR> --d----- c:\windows\system32\bits
2009-04-25 09:11 617,472 a------- c:\windows\system32\advapi32.dll
2009-04-25 09:10 <DIR> --d----- c:\windows\EHome
2009-04-22 22:36 <DIR> --d----- c:\program files\Illustrate
2009-04-22 22:35 <DIR> --d----- c:\program files\Bonjour
2009-04-22 22:30 <DIR> --d----- c:\windows\LastGood(2)
2009-04-21 22:57 <DIR> --d----- C:\6eb71efb1748be66e578615e46d88f
2009-04-21 22:33 <DIR> -cd----- c:\windows\ie8
2009-04-21 22:30 <DIR> --d----- C:\9a8c15e3b814b6817cbda9
2009-04-18 21:39 <DIR> --d----- C:\ProgramData
2009-04-16 17:26 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 17:26 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-04-26 18:33 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 07:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet(2).dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 05:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 05:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 05:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 05:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 05:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:11 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 04:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 04:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 03:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 03:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 12:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2007-01-08 17:08 836 ac------ c:\docume~1\junior\applic~1\ViewerApp.dat
2009-01-26 08:18 0 a--sh--- c:\windows\system32\lomitete.dll
2009-01-26 08:18 0 a--sh--- c:\windows\system32\vemumise.dll
2009-01-26 08:18 0 a--sh--- c:\windows\system32\yegusaso.dll

============= FINISH: 19:12:31.81 ===============
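The DDS log above lists vemumise.dll both in AppInit_DLLs and in the LSA Notification Packages list, shows a Rundll32 autorun for ririzaki.dll, two hosts-file entries pointing ad domains at a remote address, and vemumise.dll as a zero-byte hidden system file in system32. As an added example (not part of the original post and not one of the tools used in this thread), the Python script below parses these DDS/HijackThis-style lines and flags those indicators; the sample lines are constructed from the log above.

```python
"""Triage the persistence indicators seen in a DDS / HijackThis-style log.

Added example for this thread, not code from the original post. The sample
log below is constructed from the lines the poster's DDS report contains.
"""
import re
from dataclasses import dataclass

# The only LSA notification package a stock Windows XP workstation lists.
# Anything else named here is loaded into lsass.exe at boot and is notified
# of password changes, so a non-default entry deserves scrutiny.
DEFAULT_LSA_NOTIFY = {"scecli"}

# DDS writes "AppInit_DLLs:", HijackThis writes "O20 - AppInit_DLLs:".
APPINIT_RE = re.compile(r"^(?:O20 - )?AppInit_DLLs:\s*(?P<dlls>.+)$", re.I)
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$", re.I)
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)$")
# DDS "Find3M" / "Created Last 30" file line: date time size attributes path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
mRun: [CPMbfe4f11b] Rundll32.exe "c:\windows\system32\ririzaki.dll",a
AppInit_DLLs: c:\windows\system32\vemumise.dll c:\windows\system32\ririzaki.dll
LSA: Notification Packages = c:\windows\system32\vemumise.dll scecli
O1 - Hosts: 82.98.231.89 url.adtrgt.com
2009-04-26 08:18 1,407,002 ---sh--- c:\windows\system32\ulihovim.ini
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-01-26 08:18 0 a--sh--- c:\windows\system32\vemumise.dll
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def parse_appinit(line):
    """DLLs named in an AppInit_DLLs line; Windows accepts space or comma separators."""
    m = APPINIT_RE.match(line)
    if not m:
        return []
    return [p for p in re.split(r"[ ,]+", m.group("dlls").strip()) if p]


def parse_lsa_notify(line):
    """Package names listed on a DDS 'LSA: Notification Packages' line."""
    m = LSA_RE.match(line)
    return m.group("pkgs").split() if m else []


def triage(log_text):
    """Walk the log once and collect the indicators worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # Every AppInit DLL is injected into each user-mode process that loads user32.dll.
        for dll in parse_appinit(line):
            findings.append(Finding("appinit_dll", dll))
        for pkg in parse_lsa_notify(line):
            if pkg.lower() not in DEFAULT_LSA_NOTIFY:
                findings.append(Finding("lsa_notify", pkg))
        m = HOSTS_RE.match(line)
        # Loopback entries are the usual ad-blocking pattern; a remote address
        # silently re-routes lookups for that host instead.
        if m and m.group("ip") not in ("127.0.0.1", "::1"):
            findings.append(Finding("hosts_redirect", f"{m.group('host')} -> {m.group('ip')}"))
        m = FILE_RE.match(line)
        if m:
            attrs, path, size = m.group("attrs"), m.group("path"), m.group("size")
            # Hidden + system attributes on a loose file in system32 (here a
            # 0-byte DLL that is still referenced by AppInit and LSA) is a
            # typical trace of the loaders this thread is dealing with.
            if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower():
                findings.append(Finding("hidden_system_file", f"{path} ({size} bytes)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```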


#2 fenzodahl512

Posted 29 April 2009 - 03:22 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished


NEXT


Please download Norman Malware Cleaner and save it to your Desktop.
  • Reboot your computer into Safe Mode.
  • Double-click Norman Malware Cleaner >> click Accept >> click Start scan
  • Let it finish its scan. A log will be created on your Desktop. Post the log in your next reply


NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.


NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see a "random" name, just leave it.. If you see "GMER", please rename GMER to GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in a separate post..

1. Norman Malware Cleaner
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Edited by fenzodahl512, 29 April 2009 - 03:55 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Dholy (Topic Starter)

Posted 29 April 2009 - 11:11 PM

Installed Norman and rebooted in Safe Mode. Then ran Norman and encountered this error: Unable to initialize scanner engine error (0x00010015). What's next?

Edited by Dholy, 29 April 2009 - 11:11 PM.


#4 fenzodahl512

Posted 30 April 2009 - 05:07 AM

Proceed with next steps then post the logs here

Edited by fenzodahl512, 30 April 2009 - 05:07 AM.



#5 Dholy (Topic Starter)

Posted 30 April 2009 - 09:16 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Junior at 2009-04-30 19:13:56
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (60%) free of 38 GB
Total RAM: 191 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:24 PM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Junior\Desktop\RSIT.exe
C:\Program Files\trend micro\Junior.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492NYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127779937468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127779925359
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\vemumise.dll c:\windows\system32\ririzaki.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6148 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\ErrorRepairTool Scheduled Scan.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
RXResultTracker Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
UberButton Class - C:\Program Files\Yahoo!\common\yiesrvc.dll [2005-05-26 181352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
YahooTaggedBM Class - C:\Program Files\Yahoo!\common\YIeTagBm.dll [2005-01-24 115832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-14 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-01 342600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2003-12-09 57344]
"EPSON Stylus Photo R200 Series (Copy 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMbfe4f11b]
c:\windows\system32\ririzaki.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-15 3092480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Junior\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\vemumise.dll c:\windows\system32\ririzaki.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=C:\WINDOWS\system32\vemumise.dll
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"NoDriveAutoRun"=4294967295

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Yahoo!\browser\ybrowser.exe"="C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853ec73f-5d6b-11da-a4a3-00142abc848e}]
shell\AutoRun\command - winshell110.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee798af3-6533-11da-bf39-00142ad3bebc}]
shell\AutoRun\command - winshell110.exe


======List of files/folders created in the last 3 months======

2009-04-30 19:14:02 ----D---- C:\Program Files\trend micro
2009-04-30 19:13:56 ----D---- C:\rsit
2009-04-29 17:42:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-29 17:26:32 ----D---- C:\WINDOWS\ERDNT
2009-04-29 17:26:03 ----D---- C:\Program Files\ERUNT
2009-04-26 20:29:56 ----D---- C:\Program Files\Exterminate It!
2009-04-26 20:17:55 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-26 20:02:38 ----D---- C:\WINDOWS\Prefetch
2009-04-26 19:21:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-26 19:18:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-26 19:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-26 19:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-26 19:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-26 19:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-26 19:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-04-26 19:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-26 19:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-26 19:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-26 18:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-26 18:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-26 18:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-26 18:37:36 ----A---- C:\WINDOWS\wininit.ini
2009-04-26 18:16:22 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-26 17:53:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-26 17:27:36 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-26 16:34:45 ----D---- C:\Program Files\Windows Live Safety CenterRebootActions
2009-04-26 14:33:49 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-26 08:18:36 ----SH---- C:\WINDOWS\system32\ulihovim.ini
2009-04-25 19:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-25 19:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-25 19:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-25 09:49:27 ----D---- C:\WINDOWS\system32\scripting
2009-04-25 09:49:04 ----D---- C:\WINDOWS\l2schemas
2009-04-25 09:48:59 ----D---- C:\WINDOWS\system32\en
2009-04-25 09:48:57 ----D---- C:\WINDOWS\system32\bits
2009-04-25 09:16:50 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-04-25 09:16:40 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-25 09:11:54 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-04-25 09:11:53 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-04-25 09:11:53 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-04-25 09:11:53 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-04-25 09:11:53 ----A---- C:\WINDOWS\system32\cmd.exe
2009-04-25 09:11:53 ----A---- C:\WINDOWS\system32\cacls.exe
2009-04-25 09:11:53 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-04-25 09:11:53 ----A---- C:\WINDOWS\system32\autochk.exe
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\locator.exe
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\ftp.exe
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\format.com
2009-04-25 09:11:52 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-04-25 09:11:51 ----A---- C:\WINDOWS\system32\lpdsvc.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\samlib.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\rasman.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\printui.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-04-25 09:11:50 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-04-25 09:11:49 ----A---- C:\WINDOWS\system32\smss.exe
2009-04-25 09:11:49 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-04-25 09:11:49 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-25 09:11:49 ----A---- C:\WINDOWS\system32\services.exe
2009-04-25 09:11:49 ----A---- C:\WINDOWS\system32\schannel.dll
2009-04-25 09:11:49 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-04-25 09:11:49 ----A---- C:\WINDOWS\system32\savedump.exe
2009-04-25 09:11:48 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-04-25 09:11:48 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-04-25 09:11:48 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-04-25 09:11:47 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-04-25 09:11:47 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-04-25 09:11:47 ----A---- C:\WINDOWS\system32\userinit.exe
2009-04-25 09:11:47 ----A---- C:\WINDOWS\system32\untfs.dll
2009-04-25 09:11:47 ----A---- C:\WINDOWS\system32\ulib.dll
2009-04-25 09:11:39 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-04-25 09:11:37 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-04-25 09:11:37 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-04-25 09:10:42 ----D---- C:\WINDOWS\EHome
2009-04-24 12:42:25 ----D---- C:\Program Files\RegCure
2009-04-22 22:36:31 ----D---- C:\Program Files\Illustrate
2009-04-22 22:35:39 ----D---- C:\Program Files\Apple Software Update
2009-04-22 22:35:36 ----D---- C:\Program Files\Bonjour
2009-04-22 22:35:29 ----D---- C:\Program Files\Common Files\Apple
2009-04-22 22:34:00 ----HD---- C:\WINDOWS\ie7
2009-04-22 22:30:04 ----D---- C:\WINDOWS\LastGood(2)
2009-04-21 22:57:36 ----D---- C:\6eb71efb1748be66e578615e46d88f
2009-04-21 22:33:06 ----DC---- C:\WINDOWS\ie8
2009-04-21 22:30:59 ----D---- C:\9a8c15e3b814b6817cbda9
2009-04-21 22:17:32 ----D---- C:\Program Files\Windows Defender
2009-04-18 21:39:45 ----D---- C:\ProgramData
2009-04-17 22:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 22:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 21:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 21:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-17 21:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 21:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-16 17:26:55 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-03-10 20:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-10 20:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 20:42:31 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-24 21:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-22 20:47:54 ----D---- C:\Documents and Settings\Junior\Application Data\Libronix DLS
2009-02-22 20:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\Libronix DLS
2009-02-22 20:47:28 ----D---- C:\Program Files\Libronix DLS
2009-02-11 18:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 3 months======

2009-04-30 19:14:02 ----RD---- C:\Program Files
2009-04-30 19:11:17 ----D---- C:\WINDOWS\Temp
2009-04-29 21:39:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-29 17:42:55 ----D---- C:\WINDOWS
2009-04-29 17:28:36 ----D---- C:\WINDOWS\system32\config
2009-04-28 20:23:08 ----D---- C:\WINDOWS\system32\drivers
2009-04-28 20:22:18 ----RASH---- C:\boot.ini
2009-04-28 20:22:18 ----A---- C:\WINDOWS\win.ini
2009-04-28 20:22:18 ----A---- C:\WINDOWS\system.ini
2009-04-28 20:17:48 ----D---- C:\WINDOWS\pss
2009-04-28 18:55:16 ----D---- C:\WINDOWS\system32
2009-04-28 18:55:15 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-28 18:42:05 ----D---- C:\WINDOWS\system32\wbem
2009-04-28 18:36:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-28 18:35:17 ----HD---- C:\WINDOWS\inf
2009-04-28 18:35:09 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-28 18:34:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-28 18:33:44 ----A---- C:\WINDOWS\imsins.BAK
2009-04-26 20:04:06 ----AC---- C:\WINDOWS\setuplog.txt
2009-04-26 20:01:44 ----D---- C:\WINDOWS\system32\Setup
2009-04-26 20:01:44 ----D---- C:\WINDOWS\AppPatch
2009-04-26 20:01:41 ----RSD---- C:\WINDOWS\Fonts
2009-04-26 18:58:33 ----D---- C:\Program Files\Messenger
2009-04-26 18:51:56 ----D---- C:\WINDOWS\security
2009-04-26 18:25:43 ----D---- C:\WINDOWS\WinSxS
2009-04-26 18:24:56 ----D---- C:\WINDOWS\network diagnostic
2009-04-26 18:24:56 ----D---- C:\WINDOWS\ime
2009-04-26 18:24:55 ----D---- C:\WINDOWS\Help
2009-04-26 18:24:21 ----D---- C:\WINDOWS\system32\usmt
2009-04-26 18:24:21 ----D---- C:\WINDOWS\system32\en-US
2009-04-26 18:24:01 ----D---- C:\WINDOWS\PeerNet
2009-04-26 18:23:59 ----D---- C:\Program Files\Movie Maker
2009-04-26 18:16:00 ----D---- C:\WINDOWS\system32\Restore
2009-04-26 18:16:00 ----D---- C:\WINDOWS\system32\npp
2009-04-26 18:15:55 ----D---- C:\WINDOWS\msagent
2009-04-26 18:15:50 ----D---- C:\WINDOWS\srchasst
2009-04-26 18:15:38 ----D---- C:\Program Files\NetMeeting
2009-04-26 18:15:36 ----D---- C:\WINDOWS\system32\Com
2009-04-26 18:15:32 ----D---- C:\Program Files\Windows Media Player
2009-04-26 18:15:31 ----D---- C:\Program Files\Windows NT
2009-04-26 18:15:31 ----D---- C:\Program Files\Outlook Express
2009-04-26 18:15:25 ----D---- C:\Program Files\Common Files\System
2009-04-26 18:14:40 ----D---- C:\WINDOWS\system32\oobe
2009-04-26 18:14:36 ----D---- C:\WINDOWS\system
2009-04-26 18:04:39 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-26 14:33:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-26 14:26:13 ----SHD---- C:\WINDOWS\Installer
2009-04-26 13:44:38 ----SD---- C:\WINDOWS\Tasks
2009-04-25 13:28:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-25 12:44:55 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-04-25 11:37:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-25 07:35:26 ----D---- C:\Config.Msi
2009-04-24 16:12:09 ----D---- C:\WINDOWS\pchealth
2009-04-24 16:12:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-23 08:53:02 ----D---- C:\Program Files\Internet Explorer
2009-04-22 22:38:59 ----D---- C:\WINDOWS\Registration
2009-04-22 22:35:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-22 22:35:29 ----D---- C:\Program Files\Common Files
2009-04-22 22:35:13 ----D---- C:\WINDOWS\WBEM
2009-04-22 22:34:54 ----D---- C:\WINDOWS\ie7updates
2009-04-22 22:34:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-22 22:34:12 ----D---- C:\Program Files\VIA
2009-04-22 21:54:35 ----D---- C:\WINDOWS\Media
2009-04-21 22:17:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-06 07:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 17:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-02 17:18:25 ----A---- C:\WINDOWS\system32\wininet(2).dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\urlmon(2).dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\mshtml(2).dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 11:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 11:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 03:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 03:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-19 22:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-09 05:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-06 12:35:56 ----A---- C:\WINDOWS\system32\LegitCheckControl.DLL
2009-02-06 03:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-03 12:59:07 ----A---- C:\WINDOWS\system32\secur32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-09-26 17119]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-12-20 1271463]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-23 2311680]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-15 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-09-26 6912]
R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-02-23 228992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-19 186240]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-02-15 172416]
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S1 nbuvjxzs;nbuvjxzs; \??\C:\WINDOWS\system32\drivers\nbuvjxzs.sys []
S3 EagleNT;EagleNT; C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 ICDUSB2;Sony IC Recorder (ST); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2007-01-14 21120]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-14 168432]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-06-23 69120]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#6 Dholy

Dholy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 30 April 2009 - 09:17 PM

info.txt logfile of random's system information tool 1.06 2009-04-30 19:14:32

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\SBC LightSpeed Self Support Tool\CustomUninstall.exe SBC
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Macromedia Flash Player 8-->MsiExec.exe /X{0A28C610-EE06-4A33-BB56-A2155B524916}
Matrox Imaging Products-->C:\WINDOWS\UnInstallMIP.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegCure 1.5.2.7-->C:\Program Files\RegCure\uninst.exe
RT2500 Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28CF2681-0428-4F9B-A20E-9FA3BC80C9E8}\setup.exe" -l0x9 -removeonly
SBC Self Support Tool-->C:\WINDOWS\Motive\SBC\MCCUninst.exe
SBC Yahoo! Applications-->C:\PROGRA~1\Yahoo!\common\uninstall.exe
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF5EE349-90CD-4422-A43B-661778180173}\Setup.exe"
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
82.98.231.89 url.adtrgt.com
82.98.231.89 googleads2.gdoubleclick.net

======System event log======

Computer Name: HOLYCROSS
Event Code: 3004
Message:
Record Number: 64929
Source Name: WinDefend
Time Written: 20090422220405.000000-420
Event Type: warning
User:

Computer Name: HOLYCROSS
Event Code: 3004
Message:
Record Number: 64927
Source Name: WinDefend
Time Written: 20090422220405.000000-420
Event Type: warning
User:

Computer Name: HOLYCROSS
Event Code: 3004
Message:
Record Number: 64925
Source Name: WinDefend
Time Written: 20090422220402.000000-420
Event Type: warning
User:

Computer Name: HOLYCROSS
Event Code: 3004
Message:
Record Number: 64923
Source Name: WinDefend
Time Written: 20090422220357.000000-420
Event Type: warning
User:

Computer Name: HOLYCROSS
Event Code: 3004
Message:
Record Number: 64921
Source Name: WinDefend
Time Written: 20090422220357.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: HOLYCROSS
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 7644
Source Name: EvntAgnt
Time Written: 20080729193156.000000-420
Event Type: warning
User:

Computer Name: HOLYCROSS
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 7643
Source Name: EvntAgnt
Time Written: 20080729193156.000000-420
Event Type: warning
User:

Computer Name: HOLYCROSS
Event Code: 1517
Message: Windows saved user HOLYCROSS\Junior registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7640
Source Name: Userenv
Time Written: 20080728215347.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOLYCROSS
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 7635
Source Name: EvntAgnt
Time Written: 20080728184816.000000-420
Event Type: warning
User:

Computer Name: HOLYCROSS
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 7634
Source Name: EvntAgnt
Time Written: 20080728184816.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VGAVCF"=c:\Program Files\Matrox Imaging\drivers\vga\vcf

-----------------EOF-----------------

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:56 PM

Posted 30 April 2009 - 11:17 PM

GMER log please? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 Dholy

Dholy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 01 May 2009 - 01:16 AM

Ran GMER, went to copy and paste the report, computer stopped processing. Tried a second time, computer restarted automatically? Should I try a third time?

Edited by Dholy, 01 May 2009 - 01:23 AM.


#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:03:56 PM

Posted 01 May 2009 - 03:14 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#10 Dholy

Dholy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 01 May 2009 - 09:20 PM

ComboFix 09-05-02.4 - Junior 05/01/2009 18:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.191.57 [GMT -7:00]
Running from: c:\documents and settings\Junior\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\lomitete.dll
c:\windows\system32\ulihovim.ini
c:\windows\system32\vemumise.dll
c:\windows\system32\yegusaso.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-01 02:14 . 2009-05-01 02:14 -------- d-----w c:\program files\trend micro
2009-05-01 02:13 . 2009-05-01 02:14 -------- d-----w C:\rsit
2009-04-30 00:26 . 2009-04-30 00:26 -------- d-----w c:\program files\ERUNT
2009-04-27 03:29 . 2009-04-27 03:32 -------- d-----w c:\program files\Exterminate It!
2009-04-27 03:23 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-27 03:23 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-04-27 03:21 . 2008-10-15 16:34 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-04-27 03:17 . 2009-04-27 03:17 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-27 01:16 . 2009-04-27 01:25 -------- d-----w c:\windows\ServicePackFiles
2009-04-26 23:34 . 2009-04-27 03:01 -------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-04-26 21:33 . 2009-04-26 21:38 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-25 16:49 . 2009-04-27 01:24 -------- d-----w c:\windows\system32\scripting
2009-04-25 16:49 . 2009-04-27 01:24 -------- d-----w c:\windows\l2schemas
2009-04-25 16:48 . 2009-04-27 01:24 -------- d-----w c:\windows\system32\en
2009-04-25 16:48 . 2009-04-27 01:24 -------- d-----w c:\windows\system32\bits
2009-04-25 16:11 . 2009-02-09 12:10 617472 ----a-w c:\windows\system32\advapi32.dll
2009-04-25 16:10 . 2009-04-27 00:53 -------- d-----w c:\windows\EHome
2009-04-24 19:42 . 2009-04-24 22:07 -------- d-----w c:\program files\RegCure
2009-04-23 05:36 . 2009-04-23 05:36 -------- d-----w c:\program files\Illustrate
2009-04-23 05:35 . 2009-04-23 05:35 -------- d-----w c:\program files\Apple Software Update
2009-04-23 05:35 . 2009-04-23 05:35 -------- d-----w c:\program files\Bonjour
2009-04-23 05:35 . 2009-04-23 05:35 -------- d-----w c:\program files\Common Files\Apple
2009-04-23 05:30 . 2009-04-23 05:30 -------- d-----w c:\windows\LastGood(2)
2009-04-22 05:57 . 2009-04-23 05:35 -------- d-----w C:\6eb71efb1748be66e578615e46d88f
2009-04-22 05:33 . 2009-04-23 05:35 -------- dc----w c:\windows\ie8
2009-04-22 05:30 . 2009-04-23 05:35 -------- d-----w C:\9a8c15e3b814b6817cbda9
2009-04-22 05:17 . 2009-04-24 23:12 -------- d-----w c:\program files\Windows Defender
2009-04-19 04:39 . 2009-04-19 04:39 -------- d-----w C:\ProgramData
2009-04-17 00:27 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 00:27 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 00:27 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 00:27 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 00:27 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 00:27 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 00:27 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 00:27 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 00:27 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 00:27 . 2009-02-06 11:06 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-17 00:27 . 2009-02-06 11:08 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-17 00:27 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-17 00:26 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 00:26 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 02:07 . 2009-03-31 00:56 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-02 02:07 . 2009-04-24 19:44 440 ----a-w c:\windows\Tasks\RegCure Program Check.job
2009-05-02 02:06 . 2005-09-27 18:15 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-27 01:33 . 2005-09-26 22:37 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-27 00:18 . 2009-04-24 19:43 374 ----a-w c:\windows\Tasks\RegCure.job
2009-04-23 17:36 . 2006-02-26 01:49 82368 -c--a-w c:\documents and settings\Junior\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 05:38 . 2009-02-23 03:47 -------- d-----w c:\program files\Libronix DLS
2009-04-23 05:34 . 2005-09-27 00:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-23 05:34 . 2005-09-26 23:24 -------- d-----w c:\program files\VIA
2009-04-11 01:30 . 2006-04-03 17:23 262 ----a-w c:\windows\Tasks\Disk Cleanup.job
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet(2).dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 18:09 . 2004-08-04 12:00 1160192 ----a-w c:\windows\system32\urlmon(2).dll
2009-02-20 18:09 . 2004-08-04 12:00 3595264 ----a-w c:\windows\system32\mshtml(2).dll
2009-02-09 12:10 . 2009-04-25 16:11 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2009-04-25 16:11 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-04-25 16:11 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 2009-04-25 16:11 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2009-04-25 16:11 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2009-04-25 16:11 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"EPSON Stylus Photo R200 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]

c:\documents and settings\Junior\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 nbuvjxzs;nbuvjxzs; [x]
R3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853ec73f-5d6b-11da-a4a3-00142abc848e}]
\Shell\AutoRun\command - winshell110.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee798af3-6533-11da-bf39-00142ad3bebc}]
\Shell\AutoRun\command - winshell110.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]

2009-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-23 04:58]

2009-05-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-04-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492NYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 19:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1948)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
.
**************************************************************************
.
Completion time: 2009-05-02 19:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 02:15

Pre-Run: 23,679,504,384 bytes free
Post-Run: 24,197,685,248 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2009-04-29 01:35
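The "Reg Loading Points" part of the ComboFix log above is where a removal helper looks first: the disabled firewall profile, the suppressed Security Center notification, the `R1 nbuvjxzs` service whose binary is gone (`[x]`), and the `\Shell\AutoRun\command` entries under MountPoints2 all show up there. The following script is an added example for this thread, not code from the post and not ComboFix's own tooling; it assumes only the line formats visible in the log and runs over a constructed sample built from those entries, flagging each of the four indicators so the rest of the dump can be reviewed quickly.

```python
"""Triage of a ComboFix 'Reg Loading Points' section.

Added example for this thread; not part of the forum post and not
ComboFix's own code.  It reads the kind of text ComboFix prints (the
SAMPLE below is constructed from entries visible in the thread) and flags
the loading points a removal helper looks at first:

  * a service whose binary is missing ("[x]" in place of a path),
  * an AutoRun\command under Explorer's MountPoints2 (volume autorun),
  * Security Center notifications switched off,
  * the Windows Firewall standard profile disabled.

Assumed: the ComboFix line formats exactly as they appear in the thread.
"""
import re

# Constructed sample modelled on the log posted in the thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 nbuvjxzs;nbuvjxzs; [x]
R3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853ec73f-5d6b-11da-a4a3-00142abc848e}]
\Shell\AutoRun\command - winshell110.exe
"""

# "R1 name;display;path [date size]" -- the driver/service lines ComboFix prints.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);\s*(.*)$")
# "Name"=dword:00000001
DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
# "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def triage(text):
    """Return a list of (tag, detail) findings for a Reg Loading Points dump."""
    findings = []
    current_key = None  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue

        m = SERVICE_RE.match(line)
        if m:
            kind, name, _display, path = m.groups()
            # ComboFix prints "[x]" when the service's image file is not on disk.
            if path == "[x]":
                findings.append(("service_no_binary",
                                 f"{kind} {name}: service registered, binary missing"))
            continue

        if current_key is None:
            continue

        if "mountpoints2" in current_key and "\\autorun\\command" in line.lower():
            # "\Shell\AutoRun\command - <target>": autorun bound to a mounted volume
            target = line.split(" - ", 1)[1] if " - " in line else line
            findings.append(("autorun_command",
                             f"MountPoints2 autorun -> {target}"))
        elif current_key.endswith("security center"):
            m = DWORD_RE.match(line)
            if m and m.group(1).endswith("DisableNotify") and int(m.group(2), 16) == 1:
                findings.append(("security_center_notify_off",
                                 f"{m.group(1)} = 1 (Security Center alert suppressed)"))
        elif "firewallpolicy" in current_key:
            m = FIREWALL_RE.match(line)
            if m and int(m.group(1)) == 0:
                profile = current_key.rsplit("\\", 1)[-1]
                findings.append(("firewall_disabled",
                                 f"Windows Firewall off for {profile}"))
    return findings


def tags(text):
    """Just the finding tags, in order of appearance; handy for checks."""
    return [tag for tag, _ in triage(text)]


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE):
        print(f"{tag:28s} {detail}")
```

On the sample the script reports all four indicators and leaves the Sony `R3 ICDUSB2` driver alone, because its image path is present; a real ComboFix log is fed in the same way by pasting the section into `triage()`.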

#11 fenzodahl512

  • Members
  • 6,738 posts

Posted 02 May 2009 - 05:58 AM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    nbuvjxzs
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853ec73f-5d6b-11da-a4a3-00142abc848e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee798af3-6533-11da-bf39-00142ad3bebc}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..
1. OTMoveIt3
2. Malwarebytes'
3. ESET Online
4. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 Dholy

  • Topic Starter
  • Members
  • 15 posts

Posted 02 May 2009 - 04:53 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver nbuvjxzs deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853ec73f-5d6b-11da-a4a3-00142abc848e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee798af3-6533-11da-bf39-00142ad3bebc}\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Junior\Local Settings\Temporary Internet Files\Content.IE5\HH5VQ4EC\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Junior\Local Settings\Temporary Internet Files\Content.IE5\HH5VQ4EC\index[4].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Junior\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05022009_144211

Files moved on Reboot...
C:\Documents and Settings\Junior\Local Settings\Temporary Internet Files\Content.IE5\HH5VQ4EC\iframe[1].htm moved successfully.
C:\Documents and Settings\Junior\Local Settings\Temporary Internet Files\Content.IE5\HH5VQ4EC\index[4].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_a4.dat moved successfully.

#13 Dholy

  • Topic Starter
  • Members
  • 15 posts

Posted 02 May 2009 - 06:51 PM

Malwarebytes' Anti-Malware 1.36
Database version: 2067
Windows 5.1.2600 Service Pack 3

5/2/2009 4:23:11 PM
mbam-log-2009-05-02 (16-23-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 138172
Time elapsed: 50 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Application Data\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Application Data\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Application Data\ErrorRepairTool\Registry Backups (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{2AC40D97-1C11-4D9C-B7E8-FA720CE2C708}\RP697\A0146427.exe (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC40D97-1C11-4D9C-B7E8-FA720CE2C708}\RP697\A0146429.exe (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2AC40D97-1C11-4D9C-B7E8-FA720CE2C708}\RP697\A0146430.exe (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\ProgramData\RD Platinum v5.0\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Application Data\ErrorRepairTool\Log\2008 Oct 06 - 08_00_55 PM_656.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Junior\Application Data\ErrorRepairTool\Registry Backups\2008-10-06_20-02-44.reg (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.

#14 Dholy

  • Topic Starter
  • Members
  • 15 posts

Posted 02 May 2009 - 07:32 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4049 (20090501)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=0326740f6b286746b483d1b0e83ec23f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-05-03 12:26:42
# local_time=2009-05-02 05:26:42 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=161671
# found=11
# scan_time=1931
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{034DB2E5-9A93-4840-96CC-E7AA578D500B} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0AD4ABDE-FF4D-44AD-A048-ADAD3907AB79} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{56A0F2B9-14A9-4DB3-A2A1-9F9DA62F30F6} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5A634272-13FE-449F-976F-298269D62A3F} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6DAEEE70-EE0D-4C21-852D-0E2218454FCD} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7DDEA51C-C1DC-4DD7-93D9-973D9F0022E9} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9A545E7C-9388-40D3-8331-F64F85BF357B} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{AD5C3964-E748-43FC-97BB-40253F2BE07A} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B975B3EE-B80A-4EF9-849C-15DA51BEFB46} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Junior\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BC21D40F-C72C-4F77-A214-D6027322A1C0} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\ulihovim.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000

#15 Dholy

  • Topic Starter
  • Members
  • 15 posts

Posted 02 May 2009 - 07:42 PM

Computer is running better than before! That's awesome! Thank you. :thumbup2: Is my computer still infected and what should I do with all the programs I have on my desktop?



