Trojan.Vundo.H (Please help me fix)


This topic is locked
19 replies to this topic

#1 MIRABELLO

  • Members
  • 9 posts

Posted 28 May 2009 - 06:31 PM

Thanks so much in advance.

The computer suddenly had all these pop-up windows appearing; then it ran very slowly. I noticed a file called avguard.exe was taking up 99% of CPU usage consistently. I could not do anything; I transferred the main HDD to another computer and made it a slave. From there I ran Symantec's Trojan.Vundo.B Removal Tool (useless - did not detect); vundofix.atribune.org (did not detect) and Malwarebytes' Anti-Malware (which did remove 42 instances of infected objects). I then returned the HDD to the original computer and ran the OS (XP); multiple runs of Malwarebytes' Anti-Malware did not remove 3 virus objects that kept returning:

I have attached both the DDS.txt and the Attach.txt files which were generated after running dds.scr

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

5/28/2009 7:24:13 PM
mbam-log-2009-05-28 (19-24-05a).txt

Scan type: Quick Scan
Objects scanned: 5064
Time elapsed: 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e0d45b7-55a6-4666-8064-9a6a164857b1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e0d45b7-55a6-4666-8064-9a6a164857b1} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buyijuvuju (Trojan.Vundo.H) -> No action taken.

I hope you can help me. I have read many similar examples and want guidance in using ComboFix.

Attached Files
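The three entries in the scan log above are the classic Browser Helper Object footprint: a BHO registration under Explorer\Browser Helper Objects\{CLSID}, the matching HKEY_CLASSES_ROOT\CLSID\{CLSID} class key (whose InprocServer32 default value names the DLL that Internet Explorer loads), and a Run value that restarts the component at logon. The following is an added example written for this thread, not a tool from BleepingComputer, Malwarebytes or the poster. It parses MBAM 1.x log lines of the form shown above, reports which findings were left untreated, pairs findings that share a CLSID, and pulls out the autostart names. The sample log is constructed from the entries quoted in the post; the CLSID pairing is my own triage heuristic, not something MBAM itself reports.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and summarise the
registry persistence it reports.

Added example for this thread (not MBAM or BleepingComputer code).
SAMPLE_LOG is constructed from the three entries quoted in the post.
"""
import re
from collections import defaultdict

# Constructed sample: the three entries quoted in the post above, in the
# layout MBAM 1.x uses (section header, one entry per line, "-> action").
SAMPLE_LOG = """\
Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{0e0d45b7-55a6-4666-8064-9a6a164857b1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\\CLSID\\{0e0d45b7-55a6-4666-8064-9a6a164857b1} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\buyijuvuju (Trojan.Vundo.H) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# "Registry Keys Infected:" with nothing after the colon opens a section;
# the summary counts at the top of a log ("Registry Keys Infected: 2") do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")
# "<path> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# A COM class id in braces: 8-4-4-4-12 hex digits.
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)


def parse_mbam_log(text):
    """Return one dict per reported item: section, path, detection, action, clsid."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if line.startswith("(No malicious items"):
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            clsid = CLSID_RE.search(m.group("path"))
            findings.append({
                "section": section,
                "path": m.group("path"),
                "detection": m.group("detection"),
                "action": m.group("action"),
                "clsid": clsid.group(0).lower() if clsid else None,
            })
    return findings


def untreated(findings):
    """Items the log records as not acted on (removal was not applied)."""
    return [f for f in findings if f["action"].lower().startswith("no action")]


def bho_pairs(findings):
    """Group items by CLSID. A BHO registration and its HKCR\\CLSID class key
    share one GUID; seeing both under one detection name is the usual
    BHO footprint, and HKCR\\CLSID\\{guid}\\InprocServer32 names the DLL."""
    by_clsid = defaultdict(list)
    for f in findings:
        if f["clsid"]:
            by_clsid[f["clsid"]].append(f["path"])
    return {c: paths for c, paths in by_clsid.items() if len(paths) >= 2}


def run_keys(findings):
    """Value names under a ...\\CurrentVersion\\Run key (logon autostarts)."""
    return [f["path"].rsplit("\\", 1)[-1]
            for f in findings if "\\CurrentVersion\\Run\\" in f["path"]]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} items, {len(untreated(found))} untreated")
    for clsid, paths in bho_pairs(found).items():
        print("BHO class id", clsid, "registered in", len(paths), "places")
    print("Run autostarts:", run_keys(found))
```

Two things a practitioner would take from the output: the log lists "Files Infected: 0" even though a BHO needs a DLL on disk, so the InprocServer32 value of the paired CLSID key is where to look for the file to collect; and "No action taken" records the state at the time the log was saved, so a log alone does not show whether a removal pass was run afterwards.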



#2 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 29 May 2009 - 10:47 AM

Hello MIRABELLO. Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please perform the following:

Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

When completed, please post both logs from RSIT as well as the one from Kaspersky.





Thanks,

thewall

If I have helped you then please consider donating so I can continue the fight against malware. All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#3 MIRABELLO (Topic Starter)

  • Members
  • 9 posts

Posted 30 May 2009 - 06:01 AM

Thank you so much for the quick response. Here are the three files:

KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 29, 2009 21:54:48
Records in database: 2273495
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
R:\
V:\

INFO.TXT:
info.txt logfile of random's system information tool 1.06 2009-05-29 19:32:12

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{326C976A-8B3D-463F-976B-9D72DA50D3B0}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acronis True Image-->MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe MPEG Encoder-->MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Photoshop Lightroom-->MsiExec.exe /I{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}
Adobe Premiere 6.5-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.5\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.5\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Age of Mythology - The Titans Expansion-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atomic Clock Sync-->C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
Audacity 1.2.6-->"d:\Program Files\Audacity\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
Avery Media Software 32 bit-->C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "Avery Media Software Uninstall"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BookSmart™ 1.9.5 1.9.5-->D:\Program Files\BLURBBookSmart\uninstall.exe
Camtasia Studio 3-->d:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
Canon Camera Access Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44E24545-F317-4498-B7CD-240DE7BA8DE2}
Canon Utilities FileViewerUtility 1.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0627E8E9-6822-4A5E-9225-286741CDC3E4}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}
Canon Utilities RemoteCapture 2.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CardScan 8.0.3-->MsiExec.exe /I{40629090-205C-440A-BD09-A3BAA0309FCA}
Catan - The Computer Game-->"C:\Program Files\MSN Games\Catan - The Computer Game\Uninstall.exe" "C:\Program Files\MSN Games\Catan - The Computer Game\install.log"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chikka (3.0.47) -->C:\PROGRA~1\Chikka\UNWISE.EXE C:\PROGRA~1\Chikka\INSTALL.LOG
Chikka (3.0.47) -->C:\PROGRA~1\Chikka\UNWISE.EXE C:\PROGRA~1\Chikka\INSTALL.LOG
Chikka Messenger V4-->C:\PROGRA~1\CHIKKA~2\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~2\CHIKKA~1.4\INSTALL.LOG
Color Schemer Studio-->"d:\Program Files\Color Schemer Studio\unins000.exe"
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dial Plan Wizard-->MsiExec.exe /I{D2009E42-340D-4D38-8B90-5AE796D5FF6F}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDInfoPro-->MsiExec.exe /I{0D3AD4BA-C593-4625-9C9D-BD21BF28EB77}
DVDInfoPro-->MsiExec.exe /I{ED542793-8163-4D13-B5D1-B5EF433B8E89}
Dynamic-Photo HDR Trial 3.36-->"d:\Program Files\DynamicPhotoHDR\unins000.exe"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EditPlus 2-->C:\Program Files\EditPlus 2\remove.exe
eFax Messenger 4.3-->C:\Program Files\eFax Messenger 4.3\Uninstall.exe
eMachines Bay Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
FairUse Wizard 2 LE-->"D:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"
Finale Reader 2009-->C:\Program Files\Finale Reader\uninstallRD.exe
FLV Player 1.3.3-->"d:\Program Files\FLVPlayer\uninstall.exe"
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:d:\Program Files\FLV Player\Uninstall\uninstall.xml"
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
foobar2000 v0.9.6.7-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Garmin Communicator Plugin-->MsiExec.exe /X{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}
Garmin MapSource-->MsiExec.exe /X{CF07A1C9-098F-47DD-99E0-B6558C33871B}
Garmin POI Loader-->MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
GIGABYTE VGA Utility Manager-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GigaByte\VGA Utility Manager\Uninst.isu"
GoldWave v4.26-->C:\WINDOWS\sxstall2.exe "GoldWave v4.26" "D:\Program Files\GoldWave\unstall.log"
GoldWave v5.18-->"D:\Program Files\GoldWave\unstall.exe" "GoldWave v5.18" "D:\Program Files\GoldWave\unstall.log"
Google Calendar Sync-->"d:\Program Files\Google\Google Calendar Sync\uninstall.exe"
Google Desktop Plugin - gdSkype-->MsiExec.exe /X{B21F8E8C-3C67-4BB7-94D4-48542C85D60A}
Google Desktop Plugin - Goocal-->MsiExec.exe /X{CDF3606C-63B5-4BA1-BA14-6158F36756B1}
Google Desktop Plugin - GoogleCalendar-->MsiExec.exe /X{B1D5486F-5490-4197-A9EC-133829D14306}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Talk Plugin-->MsiExec.exe /I{5012BC0C-7E1A-329A-8F02-B6846070C5F8}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
Google Video Uploader-->"C:\Program Files\Google Video\Uninstall.exe"
GroupMail :: Business Edition-->"C:\Documents and Settings\mbira\Application Data\unins000.exe"
HFX PLUS for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\HFX PLUS for Studio\uninstal.log
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hollywood FX Pack 26 - Extra FX-->C:\WINDOWS\unvise32.exe C:\WINDOWS\unextrafx.log
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp color LaserJet 2550 series-->MsiExec.exe /x {7ABD6243-A825-46AE-B1B4-B5AE845AA7A9}
HP Install Network Printer Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A440B9C-4BD5-44F8-BE3A-2C8697449BBA}\Setup.exe" -l0x9 UNINSTALL
HP Software Update-->MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
iGadget 4.1.0.0-->"d:\Program Files\Purple Ghost\iGadget\unins000.exe"
ImgBurn-->"d:\Program Files\ImgBurn\uninstall.exe"
Instant Wireless USB Network Adapter ver.2.5 Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1271176E-D68F-4E6A-9ED2-A1ED841852F5}\Setup.EXE" -l0x9
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
Ipswitch WS_FTP Home 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe" -l0x9 -removeonly
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Legacy 6.0-->C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
MagicTune3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapCenter - mapset-->d:\Program Files\MapCenter\uninstall.exe
MapleStory-->MsiExec.exe /I{8BF863F9-7739-4DA4-B40A-2AD76D571B82}
MapleStoryT-->MsiExec.exe /I{1D3D783B-2588-4DE6-94A2-9F0BC6946EB7}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Logo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF149A60-8F5A-4632-B5DE-EC35BCB5ADFC}\Setup.exe"
Mobipocket Creator 4.2-->MsiExec.exe /I{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MultiRen Shell Extension-->C:\Temp\MultiREName\multiren\mrsetup.exe
MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall
Natural Color Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Updater-->MsiExec.exe /I{5A7E1140-CDA9-40A6-9B69-1550BCBDD867}
Norton Ghost 10.0-->MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pinnacle HFX Volume 2-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\unvol2log
Pinnacle Hollywood FX 4.6-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 4.6\uninstal.log
Pinnacle Hollywood FX Pack1 - Holiday FX-->C:\WINDOWS\unvise32.exe C:\WINDOWS\unhfxpack1.log
Pinnacle Hollywood FX Pack2 - Family FX-->C:\WINDOWS\unvise32.exe C:\WINDOWS\unhfxpack2.log
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
PowerQuest Drive Image 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9075FCA2-7B7E-46A3-841A-52519270C1B2}\Setup.exe"
proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuickBooks Premier 2002: Accountant Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove
QuickBooks Pro Edition 2003-->C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RawShooter essentials 2005-->C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\UNWISE.EXE C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\INSTALL.LOG
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RootsMagic 3.2.5.0-->"C:\Program Files\RootsMagic\unins000.exe"
Salesforce Outlook Edition 3.2-->MsiExec.exe /X{4AB8665C-A730-4C65-8BB0-A314E7E1D23E}
Samsung ML-2510 Series-->C:\Program Files\Samsung\Samsung ML-2510 Series\Install\Setup.exe /R
Scratch-->C:\Program Files\Scratch\uninstall.exe
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939373)-->"C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942830)-->"C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942831)-->"C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
SoundSoap PE-->MsiExec.exe /I{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Startup Cop 1.1-->"C:\Program Files\StartCop\unins000.exe"
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
Studio 10.5 Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}\setup.exe" -l0x9 UNINSTALL
Studio 10.5.2 Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED775CE1-E9F7-41C4-BE91-C925E6D5F513}\setup.exe" -l0x9 UNINSTALL -removeonly
Studio 11 Bonus DVD-->C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio 11 Ultimate-->C:\Program Files\InstallShield Installation Information\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}\setup.exe -runfromtemp -l0x0009 -removeonly
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio Content CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C643986-DE3C-4737-8472-CCEC36CCC267}\Setup.exe" -l0x9
Studio Premium Pack 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20CCB867-C95A-4604-A743-0DB5C88E792E}\setup.exe" -l0x9 UNINSTALL
Studio RTFx Volume 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B03028E5-633F-41EE-84A9-2274917F9400}\Setup.exe" -l0x9 UNINSTALL
SWiSH Jukebox-->C:\WINDOWS\unvise32.exe d:\Program Files\SWiSH Jukebox\uninstal.log
SWiSH Max2-->C:\WINDOWS\unvise32.exe d:\Program Files\SWiSH Max2\uninstal.log
SWiSH Studio2-->C:\WINDOWS\unvise32.exe d:\Program Files\SWiSH Studio2\uninstal.log
SWiSH Video2-->C:\WINDOWS\unvise32.exe d:\Program Files\SWiSH Video2\uninstal.log
SWiSHmax-->C:\WINDOWS\unvise32.exe d:\Program Files\SWiSHmax\uninstal.log
SWiSHpresenter-->C:\WINDOWS\unvise32.exe d:\Program Files\SWiSHpresenter\uninstal.log
SWiSHzone.com FLV Filter-->C:\WINDOWS\unvise32.exe d:\Program Files\SWiSHzone.com FLV Filter\uninstal.log
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
SyncBackSE-->"d:\Program Files\2BrightSparks\SyncBackSE\unins000.exe"
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
TopStyle Lite (Version 3.0)-->C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
Travelscan 464-->MsiExec.exe /I{AA06948A-9242-4CEB-832D-D3D8D76AD953}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Vbuzzer -- Voip Your World-->C:\Program Files\vbuzzer\uninstall.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6a-->d:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86)-->MsiExec.exe /X{51B833D8-66B0-4E72-92B9-4E4977EF37F2}
WebEx MeetMeNow-->C:\PROGRA~1\MOZILL~1\plugins\MyWebEx\419\\mwmcliun.exe
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
WinPcap 4.0.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless PCI Card Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}\Setup.exe" -l0x9
Wireshark 0.99.6a-->"d:\Program Files\Wireshark\uninstall.exe"
X-Lite 3.0-->"d:\Program Files\CounterPath\X-Lite\unins000.exe"
X-PRO 2.0 private build 1101-->"d:\Program Files\X-PRO\unins000.exe"
Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zinio Reader-->C:\Program Files\Zinio\uninstall.exe
Zoot 4.0-->C:\Program Files\Zoot\UnInstall_15970.exe
Zoot 5.0-->"d:\Program Files\Zoot32\un_z5_Install_17229.exe"

======Hosts File======

127.0.0.1 localhost
82.98.231.89 url.adtrgt.com
82.98.231.89 googleads2.gdoubleclick.net

======Security center information======

AV: AVG Anti-Virus Free
FW: Norton AntiVirus

======System event log======

Computer Name: ATHLON-T6524
Event Code: 7022
Message: The Avira AntiVir Scheduler service hung on starting.

Record Number: 142164
Source Name: Service Control Manager
Time Written: 20090523164443.000000-240
Event Type: error
User:

Computer Name: ATHLON-T6524
Event Code: 10009
Message: DCOM was unable to communicate with the computer DOCOMO using any of the configured
protocols.

Record Number: 142163
Source Name: DCOM
Time Written: 20090523164358.000000-240
Event Type: error
User: ATHLON-T6524\Administrator

Computer Name: ATHLON-T6524
Event Code: 10009
Message: DCOM was unable to communicate with the computer DOCOMO using any of the configured
protocols.

Record Number: 142162
Source Name: DCOM
Time Written: 20090523164358.000000-240
Event Type: error
User: ATHLON-T6524\Administrator

Computer Name: ATHLON-T6524
Event Code: 10009
Message: DCOM was unable to communicate with the computer HPTX200Z using any of the configured
protocols.

Record Number: 142161
Source Name: DCOM
Time Written: 20090523164357.000000-240
Event Type: error
User: ATHLON-T6524\Administrator

Computer Name: ATHLON-T6524
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 142159
Source Name: Ftdisk
Time Written: 20090523164316.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: ATHLON-T6524
Event Code: 4113
Message:
Record Number: 58242
Source Name: Avira AntiVir
Time Written: 20090523164715.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ATHLON-T6524
Event Code: 4113
Message:
Record Number: 58241
Source Name: Avira AntiVir
Time Written: 20090523164713.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ATHLON-T6524
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 58235
Source Name: Microsoft Fax
Time Written: 20090523164439.000000-240
Event Type: warning
User:

Computer Name: ATHLON-T6524
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 58234
Source Name: Microsoft Fax
Time Written: 20090523164438.000000-240
Event Type: warning
User:

Computer Name: ATHLON-T6524
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 58226
Source Name: Adobe Active File Monitor 5.0
Time Written: 20090523164412.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;d:\Program Files\SWiSHpresenter;D:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



LOG.TXT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-05-29 19:01:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 217 GB (46%) free of 477 GB
Total RAM: 1406 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:03 PM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\CardScan\CardScan\System\csynccfg.exe
C:\Documents and Settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
D:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
D:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plus.cnbc.com/player/main.do
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0e0d45b7-55a6-4666-8064-9a6a164857b1} - C:\WINDOWS\system32\lisabavo.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [buyijuvuju] Rundll32.exe "C:\WINDOWS\system32\luseyiko.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CardScan AutoSync] "D:\Program Files\CardScan\CardScan\System\csynccfg.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [buyijuvuju] Rundll32.exe "C:\WINDOWS\system32\luseyiko.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [buyijuvuju] Rundll32.exe "C:\WINDOWS\system32\luseyiko.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1454471165-1993962763-854245398-1115\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1454471165-1993962763-854245398-1129\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [HP CLJ2550 Install] J:\hpinst.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [HP CLJ2550 Install] J:\hpinst.exe (User 'Default user')
O4 - Startup: SyncBackSE.lnk = D:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Calendar Sync.lnk = D:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\PROGRA~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\PROGRA~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E638367A-3A2B-433F-BC32-004F548866AA}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\foremeso.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8809a5b13dc2a) (gupdate1c8809a5b13dc2a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 14665 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-725345543-839522115-1006.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-725345543-839522115-500.job
C:\WINDOWS\tasks\SyncBack Active Projects 2006.job
C:\WINDOWS\tasks\SyncBackSE Active Projects 2006 toDVD Bakup.job
C:\WINDOWS\tasks\SyncBackSE My PIX Bakup.job
C:\WINDOWS\tasks\SyncBackSE MyMusic toWDMyBook Bakup.job
C:\WINDOWS\tasks\SyncBackSE MyMusic toWDMyBook Bakup2.job
C:\WINDOWS\tasks\SyncBackSE SCFAS Production Site Bakup.job
C:\WINDOWS\tasks\SyncBackSE scfasPROD2appdesitebak.job
C:\WINDOWS\tasks\SyncBackSE WDMyBook Bakup Group.job
C:\WINDOWS\tasks\SyncBackSE Zoot toWDMyBook Bakup.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e0d45b7-55a6-4666-8064-9a6a164857b1}]
C:\WINDOWS\system32\lisabavo.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-26 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]
"SunKistEM"=C:\Program Files\eMachines Bay Reader\shwiconem.exe [2004-03-11 135168]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-12-03 29744]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-23 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC []
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-25 51048]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-06 180269]
"Adobe Photo Downloader"=D:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe [2007-02-06 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-11-28 583048]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"StatusClient 2.6"=C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [2004-02-11 61440]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-02-12 163840]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-01-07 49152]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2008-08-14 536576]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-28 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-26 1947928]
"buyijuvuju"=C:\WINDOWS\system32\luseyiko.dll,s []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"CardScan AutoSync"=D:\Program Files\CardScan\CardScan\System\csynccfg.exe [2007-08-14 177400]
"Google Update"=C:\Documents and Settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-17 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaDefault]
C:\PROGRA~1\CHIKKA~2\CHIKKA~1.4\ChikkaLauncher.exe [2007-08-28 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-01-19 4670968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"Norton Ghost"=2
"ccSetMgr"=2
"ccPwdSvc"=3
"ccEvtMgr"=2
"CCALib8"=2
"Bonjour Service"=2
"AcrSch2Svc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Google Calendar Sync.lnk - D:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
Instant Wireless Configuration Utility.lnk - D:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe

C:\Documents and Settings\Administrator.ATHLON-T6524\Start Menu\Programs\Startup
SyncBackSE.lnk - D:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\foremeso.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-26 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-04-10 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
"notification packages"=scecli
wogmwve2.dll
C:\WINDOWS\system32\foremeso.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\vbuzzer\VBuzzer.exe"="C:\Program Files\vbuzzer\VBuzzer.exe:*:Enabled:VBuzzer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Pinnacle\Studio 11\programs\studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\studio.exe:*:Enabled:Studio program file"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Temp\ipswitch\WS_FTP95.exe"="C:\Temp\ipswitch\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Temp\ipswitch\WS_FTP95.exe"="D:\Temp\ipswitch\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Documents and Settings\mcr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\mcr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\mcr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\mcr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe:*:Enabled:WDBtnMgrUI"
"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe:*:Enabled:avgnt"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\HPBPRO.EXE"="C:\WINDOWS\system32\HPBPRO.EXE:*:Enabled:HPBPRO"
"D:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe"="D:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe:*:Enabled:WUSB11Cfg"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\Program Files\vbuzzer\VBuzzer.exe"="C:\Program Files\vbuzzer\VBuzzer.exe:*:Enabled:VBuzzer"
"C:\Temp\Sipura SPA 3000\spa3k-2.0.13g\spa3k-02-00-13-GW-g.exe"="C:\Temp\Sipura SPA 3000\spa3k-2.0.13g\spa3k-02-00-13-GW-g.exe:*:Enabled:spa3k-02-00-13-GW-g"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:nsu_ui_client"
"C:\Program Files\Common Files\Nokia\Service Layer\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Temp\ipswitch\WS_FTP95.exe"="C:\Temp\ipswitch\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\LMI464.tmp\rescue.exe"="C:\WINDOWS\LMI464.tmp\rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\X-PRO\X-PRO.exe"="D:\Program Files\X-PRO\X-PRO.exe:*:Enabled:X-PRO"
"D:\Program Files\CounterPath\X-Lite\x-lite.exe"="D:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

======File associations======

.txt - open -

======List of files/folders created in the last 3 months======

2009-05-29 19:01:53 ----D---- C:\Program Files\trend micro
2009-05-29 19:01:46 ----D---- C:\rsit
2009-05-29 04:14:25 ----SH---- C:\WINDOWS\system32\zotereve.exe
2009-05-27 07:18:09 ----D---- C:\VundoFix Backups
2009-05-27 07:18:09 ----A---- C:\VundoFix.txt
2009-05-26 16:24:57 ----D---- C:\Program Files\WinDirStat
2009-05-26 15:54:53 ----D---- C:\Documents and Settings\Administrator.ATHLON-T6524\Application Data\foobar2000
2009-05-26 15:54:22 ----D---- C:\Program Files\foobar2000
2009-05-26 12:38:12 ----HD---- C:\$AVG8.VAULT$
2009-05-26 08:29:22 ----D---- C:\Documents and Settings\Administrator.ATHLON-T6524\Application Data\Malwarebytes
2009-05-26 07:51:26 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-26 07:50:50 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-26 07:43:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-25 09:23:36 ----D---- C:\TEMP Downloads
2009-05-25 08:22:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-23 16:43:26 ----SH---- C:\WINDOWS\system32\ivahejen.ini
2009-05-10 14:41:31 ----RD---- C:\My Documents
2009-05-09 22:08:18 ----SH---- C:\WINDOWS\system32\atomivir.ini
2009-05-08 22:01:43 ----SH---- C:\WINDOWS\system32\upiyedef.ini
2009-05-08 10:01:44 ----SH---- C:\WINDOWS\system32\odisufop.ini
2009-05-07 10:00:48 ----SH---- C:\WINDOWS\system32\oyepular.ini
2009-05-06 22:00:24 ----SH---- C:\WINDOWS\system32\azuteyub.ini
2009-05-04 21:59:19 ----SH---- C:\WINDOWS\system32\ayolozaj.ini
2009-05-02 17:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2009-05-02 17:56:53 ----D---- C:\Program Files\Pando Networks
2009-05-01 18:32:48 ----A---- C:\WINDOWS\system32\msexcr.ini
2009-04-30 21:49:47 ----D---- C:\Program Files\ConvertHelper
2009-04-29 00:48:39 ----D---- C:\Dell
2009-04-27 07:24:41 ----SH---- C:\WINDOWS\system32\erogadag.ini
2009-04-26 12:14:54 ----SH---- C:\WINDOWS\system32\owazihut.ini
2009-04-26 00:14:24 ----SH---- C:\WINDOWS\system32\ivehihaw.ini
2009-04-25 12:14:46 ----SH---- C:\WINDOWS\system32\havabeve.exe
2009-04-25 00:13:34 ----SH---- C:\WINDOWS\system32\ukalubuv.ini
2009-04-24 12:13:30 ----SH---- C:\WINDOWS\system32\idiyutoj.ini
2009-04-24 00:13:17 ----SH---- C:\WINDOWS\system32\ijiveruj.ini
2009-04-22 12:12:09 ----D---- C:\Documents and Settings\All Users\Application Data\dowuporu
2009-04-22 12:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\vebotihu
2009-04-22 12:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\jahozawa
2009-04-22 00:11:57 ----D---- C:\Documents and Settings\All Users\Application Data\nadihale
2009-04-22 00:11:56 ----D---- C:\Documents and Settings\All Users\Application Data\nugojuwo
2009-04-22 00:11:56 ----D---- C:\Documents and Settings\All Users\Application Data\bepiwitu
2009-04-21 12:12:03 ----SH---- C:\WINDOWS\system32\ewahuruk.ini
2009-04-21 00:12:52 ----SH---- C:\WINDOWS\system32\rizipiru.exe
2009-04-21 00:12:32 ----SH---- C:\WINDOWS\system32\rewapabi.dll
2009-04-21 00:12:32 ----SH---- C:\WINDOWS\system32\jozeyeki.dll
2009-04-20 12:11:15 ----SH---- C:\WINDOWS\system32\urugulud.ini
2009-04-20 00:10:50 ----SH---- C:\WINDOWS\system32\ubozatom.ini
2009-04-19 12:10:32 ----SH---- C:\WINDOWS\system32\inezezod.ini
2009-04-19 00:10:08 ----SH---- C:\WINDOWS\system32\ubawabon.ini
2009-04-18 23:31:08 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-04-18 12:10:09 ----SH---- C:\WINDOWS\system32\anaviluv.ini
2009-04-18 00:15:10 ----D---- C:\My Downloads
2009-04-18 00:10:22 ----SH---- C:\WINDOWS\system32\ubofutad.ini
2009-04-17 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-17 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-05 03:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-04-05 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-05 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-04-05 03:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-04-04 10:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-04-04 10:24:02 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-04 10:24:00 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-04-04 10:23:01 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-04-01 16:07:41 ----D---- C:\Alice
2009-03-28 18:02:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-28 18:02:13 ----D---- C:\Program Files\Oberon Media
2009-03-28 18:02:13 ----D---- C:\Program Files\MSN Games
2009-03-26 03:00:28 ----D---- C:\WINDOWS\system32\KB905474
2009-03-23 08:47:44 ----D---- C:\Program Files\Avira
2009-03-13 21:34:13 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-03-13 19:28:58 ----D---- C:\ProgramData
2009-03-13 19:20:57 ----D---- C:\Program Files\Electronic Arts
2009-03-13 17:31:17 ----D---- C:\Program Files\Bonjour
2009-03-11 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:00:59 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-04 09:02:40 ----D---- C:\Program Files\CCleaner
2009-03-03 16:25:11 ----A---- C:\WINDOWS\LOGO.INI
2009-03-03 16:19:04 ----D---- C:\Program Files\Softronics

======List of files/folders modified in the last 3 months======

2009-05-29 19:02:09 ----D---- C:\WINDOWS\Prefetch
2009-05-29 19:01:53 ----RD---- C:\Program Files
2009-05-29 18:39:19 ----D---- C:\Program Files\Mozilla Firefox
2009-05-29 17:49:44 ----D---- C:\WINDOWS\Temp
2009-05-29 11:08:11 ----SD---- C:\WINDOWS\Tasks
2009-05-29 10:16:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-29 07:55:18 ----SHD---- C:\WINDOWS\Installer
2009-05-29 07:55:15 ----SHD---- C:\Config.Msi
2009-05-29 07:54:08 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-29 04:50:56 ----D---- C:\WINDOWS\system32
2009-05-28 14:33:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-27 08:23:26 ----SHD---- C:\System Volume Information
2009-05-27 08:23:02 ----D---- C:\WINDOWS\repair
2009-05-27 08:22:45 ----D---- C:\WINDOWS\Registration
2009-05-26 18:45:07 ----D---- C:\WINDOWS
2009-05-26 16:53:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-26 13:47:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-26 12:00:38 ----HD---- C:\WINDOWS\system32\drivers
2009-05-26 08:27:40 ----SHD---- C:\WINDOWS\CSC
2009-05-26 07:50:51 ----D---- C:\Program Files\AVG
2009-05-24 15:40:05 ----D---- C:\Legacy
2009-05-23 14:39:09 ----D---- C:\Program Files\Google
2009-05-12 07:45:30 ----SHD---- C:\RECYCLER
2009-05-09 22:38:08 ----HD---- C:\WINDOWS\inf
2009-05-06 20:00:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-30 22:24:06 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-26 13:47:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-21 22:01:06 ----D---- C:\WINDOWS\system32\FxsTmp
2009-04-21 22:01:06 ----D---- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-04-17 17:58:04 ----D---- C:\Documents and Settings\Administrator.ATHLON-T6524\Application Data\Macromedia
2009-04-17 03:09:23 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 03:09:23 ----D---- C:\WINDOWS\AppPatch
2009-04-17 03:02:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-17 03:01:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-17 03:01:21 ----D---- C:\Program Files\Internet Explorer
2009-04-16 21:45:57 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-10 16:51:18 ----A---- C:\WINDOWS\win.ini
2009-04-09 22:53:02 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-06 16:07:47 ----D---- C:\Program Files\Scratch
2009-04-05 11:19:38 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-04-05 03:04:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-04 10:23:23 ----D---- C:\Program Files\Windows Media Connect 2
2009-04-04 10:23:20 ----D---- C:\Program Files\Windows Media Player
2009-04-04 10:23:13 ----D---- C:\WINDOWS\Help
2009-03-28 18:02:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-25 07:43:20 ----D---- C:\Documents and Settings\Administrator.ATHLON-T6524\Application Data\Adobe
2009-03-23 08:46:36 ----D---- C:\WINDOWS\WinSxS
2009-03-21 10:18:57 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-19 20:58:03 ----D---- C:\WINDOWS\Debug
2009-03-19 16:21:08 ----D---- C:\Program Files\StepMania
2009-03-16 19:38:21 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-13 19:29:05 ----HD---- C:\Program Files\Installshield Installation Information
2009-03-06 19:10:16 ----D---- C:\WINDOWS\Minidump
2009-03-06 10:44:35 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 19:52:18 ----A---- C:\WINDOWS\system32\shdocvw.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-26 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-26 108552]
R1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys [2005-10-21 13396]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2007-04-10 56192]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2005-12-30 30688]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-15 1032192]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-09-18 223128]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4usb Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2003-07-21 16800]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-11 41888]
S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-05-11 3580832]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-23 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VPROEVENTMONITOR;VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2007-10-01 11520]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; C:\WINDOWS\system32\DRIVERS\WMP11V27.sys [2002-07-30 171776]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver; C:\WINDOWS\system32\DRIVERS\LSWLUSB.sys [2002-03-30 50048]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-15 352256]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-26 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-28 152984]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-11-28 583048]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-11 1245064]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate1c8809a5b13dc2a;Google Update Service (gupdate1c8809a5b13dc2a); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-30 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-14 658432]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-12-03 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-02-09 3220856]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2005-11-28 172032]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
S4 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
S4 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2007-04-10 2066024]

-----------------EOF-----------------

Scan statistics
Files scanned 372939
Threat name 3
Infected objects 5
Suspicious objects 3
Duration of the scan 07:15:23

File name Threat name Threats count
C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Outlook\Outlmirabello@gmail.com-0000000a.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\administrator\My Documents\_Personal\_Archive\Outlook ARCHIVE Files\outlookArchive2007.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Microsoft\Outlook\Outlmirano353@hotmail.com-00000005.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\mbira\Local Settings\Application Data\Identities\{FD22C496-3A8D-4F1A-A430-743101510478}\Microsoft\Outlook Express\BethRamsey - Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\mbira\Local Settings\Application Data\Identities\{FD22C496-3A8D-4F1A-A430-743101510478}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Infected: Email-Worm.Win32.Nyxem.e 4
The selected area was scanned.

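The scan listing above, parsed and triaged in an added Python example (this is not part of the original post or of any tool output on this page). The point it makes: all five hits sit inside Outlook .pst and Outlook Express .dbx mail stores, so they are stored phishing messages and worm attachments rather than running code, and the fix is to delete those messages from inside the mail client instead of quarantining the container files. The sample input is the five result lines from the post, embedded as a constructed string; the extension classes, family mapping and action text are the example's own assumptions.

```python
"""Parse a Kaspersky-style scan listing and triage each hit: is the detection a
live file, an archive member, or something stored inside a mail container
(.pst/.dbx), where the right action is to delete the message, not the file."""
import ntpath
import re
from collections import Counter

# Constructed sample: the five result lines quoted from the post above.
SAMPLE_LISTING = r"""
C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Outlook\Outlmirabello@gmail.com-0000000a.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\administrator\My Documents\_Personal\_Archive\Outlook ARCHIVE Files\outlookArchive2007.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Microsoft\Outlook\Outlmirano353@hotmail.com-00000005.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\mbira\Local Settings\Application Data\Identities\{FD22C496-3A8D-4F1A-A430-743101510478}\Microsoft\Outlook Express\BethRamsey - Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
C:\Documents and Settings\mbira\Local Settings\Application Data\Identities\{FD22C496-3A8D-4F1A-A430-743101510478}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Infected: Email-Worm.Win32.Nyxem.e 4
"""

# One result line: <path, may contain spaces> <Suspicious|Infected>: <threat> <count>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Suspicious|Infected):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumed container classes (the example's own choice, not a Kaspersky category).
MAIL_STORE_EXT = {".pst", ".ost", ".dbx", ".mbx", ".eml"}
ARCHIVE_EXT = {".zip", ".rar", ".cab", ".7z"}


def parse_listing(text):
    """Return one dict per result line; raise on a line the regex cannot read."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed scan line: {line!r}")
        rec = m.groupdict()
        rec["count"] = int(rec["count"])
        records.append(rec)
    return records


def container_kind(path):
    """Classify by extension; ntpath handles backslash paths on any host OS."""
    ext = ntpath.splitext(path)[1].lower()
    if ext in MAIL_STORE_EXT:
        return "mail store"
    if ext in ARCHIVE_EXT:
        return "archive"
    return "file"


def threat_class(threat):
    """Coarse family from the detection-name prefix (assumed mapping)."""
    if threat.startswith("Trojan-Spy.HTML"):
        return "phishing HTML message (no executable code)"
    if threat.startswith("Email-Worm"):
        return "mass-mailing worm, usually a message attachment"
    return "other"


def triage(rec):
    """Attach container kind, family and the action a responder would take."""
    kind = container_kind(rec["path"])
    if kind == "mail store":
        action = ("delete the flagged message(s) from inside the mail client; "
                  "do not delete or quarantine the whole .pst/.dbx file")
    elif kind == "archive":
        action = "delete the archive or the flagged member; do not extract it"
    else:
        action = "live file: quarantine it and check autorun entries that reference it"
    return {**rec, "container": kind,
            "threat_class": threat_class(rec["threat"]), "action": action}


def summarize(records):
    """Counts by verdict plus the total number of threats across all hits."""
    counts = Counter(r["verdict"] for r in records)
    counts["threats"] = sum(r["count"] for r in records)
    return counts


if __name__ == "__main__":
    for item in (triage(r) for r in parse_listing(SAMPLE_LISTING)):
        print(f'{item["verdict"]:10} {item["threat"]:32} x{item["count"]} '
              f'[{item["container"]}] -> {item["action"]}')
    print(dict(summarize(parse_listing(SAMPLE_LISTING))))
```

Run it on the listing and every hit comes back as "mail store": the four Nyxem.e hits are four messages in one Inbox.dbx, and the .pst hits are HTML phishing mails, which is why Malwarebytes and the Vundo removers (which look at executables and autoruns) never reported them.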
#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 30 May 2009 - 08:10 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HJT log.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 MIRABELLO

MIRABELLO
  • Topic Starter

  • Members
  • 9 posts

Posted 30 May 2009 - 03:22 PM

Hi TheWall...

Here's the log from Combofix.exe:


ComboFix 09-05-30.03 - Administrator 05/30/2009 15:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1406.757 [GMT -4:00]
Running from: c:\documents and settings\Administrator.ATHLON-T6524\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\anaviluv.ini
c:\windows\system32\atomivir.ini
c:\windows\system32\ayolozaj.ini
c:\windows\system32\azuteyub.ini
c:\windows\system32\Cache
c:\windows\system32\erogadag.ini
c:\windows\system32\ewahuruk.ini
c:\windows\system32\havabeve.exe
c:\windows\system32\idiyutoj.ini
c:\windows\system32\ijiveruj.ini
c:\windows\system32\inezezod.ini
c:\windows\system32\ivahejen.ini
c:\windows\system32\ivehihaw.ini
c:\windows\system32\jozeyeki.dll
c:\windows\system32\odisufop.ini
c:\windows\system32\owazihut.ini
c:\windows\system32\oyepular.ini
c:\windows\system32\rewapabi.dll
c:\windows\system32\rizipiru.exe
c:\windows\system32\ubawabon.ini
c:\windows\system32\ubofutad.ini
c:\windows\system32\ubozatom.ini
c:\windows\system32\ukalubuv.ini
c:\windows\system32\upiyedef.ini
c:\windows\system32\urugulud.ini
c:\windows\system32\zotereve.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-29 23:01 . 2009-05-29 23:32 -------- d-----w c:\program files\trend micro
2009-05-29 23:01 . 2009-05-29 23:32 -------- d-----w C:\rsit
2009-05-27 11:18 . 2009-05-27 11:18 -------- d-----w C:\VundoFix Backups
2009-05-26 22:39 . 2009-05-26 22:39 -------- d-----w c:\documents and settings\mcr\Application Data\Malwarebytes
2009-05-26 20:24 . 2009-05-26 20:24 -------- d-----w c:\program files\WinDirStat
2009-05-26 19:54 . 2009-05-26 22:38 -------- d-----w c:\documents and settings\Administrator.ATHLON-T6524\Application Data\foobar2000
2009-05-26 19:54 . 2009-05-26 19:54 -------- d-----w c:\program files\foobar2000
2009-05-26 16:38 . 2009-05-30 15:51 -------- d--h--w C:\$AVG8.VAULT$
2009-05-26 12:29 . 2009-05-26 12:29 -------- d-----w c:\documents and settings\Administrator.ATHLON-T6524\Application Data\Malwarebytes
2009-05-26 11:52 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 11:52 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:51 . 2009-05-26 11:51 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-26 11:51 . 2009-05-26 11:51 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-26 11:51 . 2009-05-26 11:51 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-26 11:51 . 2009-05-26 11:51 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-26 11:51 . 2009-05-30 12:16 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-26 11:50 . 2009-05-30 19:15 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-26 11:43 . 2009-05-26 11:43 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 13:23 . 2009-05-25 13:24 -------- d-----w C:\TEMP Downloads
2009-05-25 12:22 . 2009-05-26 11:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-10 18:41 . 2009-05-15 00:50 -------- d-----r C:\My Documents
2009-05-06 02:48 . 2009-05-06 02:48 -------- d-----w c:\documents and settings\mcr\Local Settings\Application Data\Ahead
2009-05-03 01:06 . 2009-05-03 01:06 10134 ----a-r c:\documents and settings\mcr\Application Data\Microsoft\Installer\{8BF863F9-7739-4DA4-B40A-2AD76D571B82}\ARPPRODUCTICON.exe
2009-05-02 22:52 . 2009-05-03 01:06 45056 ----a-r c:\documents and settings\mcr\Application Data\Microsoft\Installer\{8BF863F9-7739-4DA4-B40A-2AD76D571B82}\MapleStory.exe1_DB457427E7B9425292170DC5FADE980F.exe
2009-05-02 22:52 . 2009-05-03 01:06 45056 ----a-r c:\documents and settings\mcr\Application Data\Microsoft\Installer\{8BF863F9-7739-4DA4-B40A-2AD76D571B82}\MapleStory.exe_DB457427E7B9425292170DC5FADE980F.exe
2009-05-02 21:58 . 2009-05-03 06:14 -------- d-----w c:\documents and settings\mcr\Local Settings\Application Data\PMB Files
2009-05-02 21:57 . 2009-05-02 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-05-02 21:56 . 2009-05-02 21:56 -------- d-----w c:\program files\Pando Networks
2009-05-01 04:28 . 2009-05-01 04:28 -------- d-----w c:\documents and settings\mcr\Local Settings\Application Data\IsolatedStorage
2009-05-01 01:49 . 2009-05-01 01:49 -------- d-----w c:\program files\ConvertHelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 15:17 . 2007-11-17 21:56 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-26 11:50 . 2008-05-11 21:32 -------- d-----w c:\program files\AVG
2009-05-25 21:50 . 2009-04-22 16:12 -------- d-----w c:\documents and settings\All Users\Application Data\jahozawa
2009-05-25 21:50 . 2009-04-22 04:11 -------- d-----w c:\documents and settings\All Users\Application Data\nadihale
2009-05-23 18:39 . 2006-01-03 18:20 -------- d-----w c:\program files\Google
2009-05-11 13:10 . 2009-03-13 23:20 -------- d-----w c:\program files\Electronic Arts
2009-05-07 11:57 . 2007-09-18 20:10 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-29 04:53 . 2009-04-29 04:53 -------- d-----w c:\documents and settings\mcr\Application Data\Nero
2009-04-29 01:31 . 2007-10-26 18:11 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-28 09:07 . 2009-03-23 12:47 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-26 21:13 . 2009-04-22 16:12 -------- d-----w c:\documents and settings\All Users\Application Data\dowuporu
2009-04-26 21:13 . 2009-04-22 04:11 -------- d-----w c:\documents and settings\All Users\Application Data\bepiwitu
2009-04-25 14:16 . 2009-04-22 16:12 -------- d-----w c:\documents and settings\All Users\Application Data\vebotihu
2009-04-25 14:16 . 2009-04-22 04:11 -------- d-----w c:\documents and settings\All Users\Application Data\nugojuwo
2009-04-22 02:01 . 2007-12-14 16:41 -------- d-----w c:\documents and settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-04-06 20:07 . 2008-12-18 01:39 -------- d-----w c:\program files\Scratch
2009-04-05 15:19 . 2006-01-08 17:59 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-04 14:23 . 2006-12-12 01:40 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-24 22:33 . 2009-03-24 22:33 237264 ----a-w c:\documents and settings\mcr\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-03-19 01:54 . 2009-03-19 01:54 16286 ----a-w c:\documents and settings\mcr\Application Data\Sun\Java\Deployment\cache\6.0\5\42c06805-7e80b35e-n\ShoddyHelper.dll
2009-03-13 23:28 . 2009-03-13 23:28 1216 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-06 14:44 . 2004-08-04 04:56 283648 ----a-w c:\windows\system32\pdh.dll
2007-12-03 21:38 . 2006-01-03 18:21 131584 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-03-24 18:16 . 2008-03-24 18:16 27976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-03-24 18:16 . 2008-03-24 18:16 125840 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-03-24 18:16 . 2008-03-24 18:16 98704 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-03-24 18:16 . 2008-03-24 18:16 91464 ----a-w c:\program files\mozilla firefox\plugins\mwmcli.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CardScan AutoSync"="d:\program files\CardScan\CardScan\System\csynccfg.exe" [2007-08-14 177400]
"Google Update"="c:\documents and settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-03 29744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 51048]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 180269]
"Adobe Photo Downloader"="d:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-11 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-02-12 163840]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2008-08-15 536576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-26 1947928]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]

c:\documents and settings\administrator\Start Menu\Programs\Startup\
SyncBackSE.lnk - d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-7 6206720]

c:\documents and settings\Administrator.ATHLON-T6524\Start Menu\Programs\Startup\
SyncBackSE.lnk - d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-7 6206720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - d:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-2-29 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-26 11:51 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Norton Ghost"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CardScan AutoSync"="d:\program files\CardScan\CardScan\System\csynccfg.exe" /background
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"GoToMeeting"=c:\program files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
"vbuzzer"=c:\program files\vbuzzer\vbuzzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"eBayToolbar"=c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
"eFax 4.1"="c:\program files\eFax Messenger 4.1\J2GDllCmd.exe" /R
"StatusClient 2.6"=c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
"TomcatStartup 2.5"=c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" /R
"VGAUtil"=c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CardScanAgent"="d:\program files\CardScan\CardScan\CardScanAgent.exe"
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" /R
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\vbuzzer\\VBuzzer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\studio.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\mcr\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\mcr\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Western Digital\\WD Drive Manager\\WDBtnMgrUI.exe"=
"c:\\WINDOWS\\system32\\HPBPRO.EXE"=
"d:\\Program Files\\Linksys\\WUSB11 v25 Config Utility\\WUSB11Cfg.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56085:TCP"= 56085:TCP:Pando Media Booster
"56085:UDP"= 56085:UDP:Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2009 7:51 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2009 7:51 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2009 7:50 AM 298776]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
S2 gupdate1c8809a5b13dc2a;Google Update Service (gupdate1c8809a5b13dc2a);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2008 1:20 PM 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/3/2006 2:20 PM 29744]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1/5/2007 11:54 AM 19039]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 8:01 PM 42512]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/22/2008 2:25 PM 11520]
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [9/9/2008 7:00 PM 171776]
S3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\LSWLUSB.sys [11/13/2006 10:49 AM 50048]
S4 Aearlaat;Aearlaat; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BD8F264D-1BB5-5F0C-8A17-EFBA6D629116}]
c:\windows\system32\drivers\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:42]

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-24 23:41]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 17:20]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-725345543-839522115-1006.job
- c:\documents and settings\mcr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 20:22]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-725345543-839522115-500.job
- c:\documents and settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 17:29]

2009-05-24 c:\windows\Tasks\SyncBack Active Projects 2006.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2005-02-03 20:16]

2009-04-21 c:\windows\Tasks\SyncBackSE Active Projects 2006 toDVD Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE My PIX Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE MyMusic toWDMyBook Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE MyMusic toWDMyBook Bakup2.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-05-30 c:\windows\Tasks\SyncBackSE SCFAS Production Site Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-05-30 c:\windows\Tasks\SyncBackSE scfasPROD2appdesitebak.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE WDMyBook Bakup Group.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE Zoot toWDMyBook Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-05-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 02:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0e0d45b7-55a6-4666-8064-9a6a164857b1} - c:\windows\system32\lisabavo.dll
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-buyijuvuju - c:\windows\system32\luseyiko.dll
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKU-Default-RunOnce-HP CLJ2550 Install - J:\hpinst.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://plus.cnbc.com/player/main.do
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {E638367A-3A2B-433F-BC32-004F548866AA} = 68.94.156.1,68.94.157.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator.ATHLON-T6524\Application Data\Mozilla\Firefox\Profiles\bnl0vm3x.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npaxctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 15:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA = c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe?= ATPITA???????????????????????????????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
SunKistEM = c:\program files\eMachines Bay Reader\shwiconem.exe?= MEtsiKnuS?= ATPITA???????????????????????????????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
Logitech Utility = Logi_MwX.Exe?= ytilitU hcetigoL?Reader\shwiconem.exe?= MEtsiKnuS?= ATPITA???????????????????????????????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
Google Desktop Search = "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup?= hcraeS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
IMJPMIG8.1 = "c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32?= 1.8GIMPJMI?eS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
IMEKRMIG6.1 = c:\windows\ime\imkr6_1\IMEKRMIG.EXE?= 1.6GIMRKEMI?vDef /Migration32?= 1.8GIMPJMI?eS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
MSPY2002 = c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC?= 2002YPSM?on32?= 1.8GIMPJMI?eS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
PHIME2002ASync = c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC?= cnySA2002EMIHP? 1.8GIMPJMI?eS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
PHIME2002A = c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName?= A2002EMIHP?? 1.8GIMPJMI?eS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AC2CA4-9D93-32D8-AE673619A46BB764}\{B5C3A2C7-0F69-BCDD-BACA5675DFFD204D}\{69E387FB-63DC-7F36-9B03233CFCE1F807}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,11,8a,15,95,cf,
7e,ed,b0,e2,63,26,f1,3f,c8,ff,68,c2,e8,30,cc,e8,79,ef,f8,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C082286-DD56-6B96-110FABAC317C22E3}\{17077DA0-F2D9-EF48-DBC13F521337D931}\{A783887F-564D-BBBA-662193019693FEBC}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,17,7f,80,f9,d3,
35,45,de,6a,9c,d6,61,af,45,84,18,25,26,b2,98,91,ae,7f,48,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,11,5a,a0,10,4f,
c2,ca,ee,ff,7c,85,e0,43,d4,0e,fe,01,7b,73,a1,df,2a,83,bd,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,74,ba,3d,a8,d0,
6a,39,59,86,8c,21,01,be,91,eb,e7,d8,10,ae,4e,35,ed,db,e7,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,da,de,09,4b,c9,
67,97,4c,f5,1d,4d,73,a8,13,5c,05,61,8b,ed,89,8c,c3,b2,12,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,62,4a,4c,b2,32,
84,44,5d,df,20,58,62,78,6b,cf,c8,96,12,1a,39,51,e6,62,1b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,37,d5,8d,92,ef,
b5,19,1a,fb,a7,78,e6,12,2f,9a,ea,cf,bd,09,63,df,d6,d1,37,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADCDC452-5950-0BD6-5DEB640DBA321648}\{0A2FAA8F-EDBD-61CA-231081ECE2D6CFC4}\{38D3EADC-5C2C-A096-9079D739DE5BCFA9}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,58,00,5b,3f,bc,
44,88,cf,01,3a,48,fc,e8,04,4a,f1,ec,38,a6,da,bb,f4,2e,e9,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,46,b2,0d,ec,b5,
a3,dd,dd,f6,0f,4e,58,98,5b,89,c9,c4,bd,95,88,44,54,13,06,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,ce,c6,1a,54,71,
89,c1,43,3d,ce,ea,26,2d,45,aa,78,1b,5f,e0,0c,db,8f,87,42,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,ff,9d,f2,46,4f,
c7,b5,a4,2a,b7,cc,b5,b9,7f,41,e7,d0,08,db,73,c3,72,62,9f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,32,e8,7d,41,2a,
30,5d,ba,6c,43,2d,1e,aa,22,2f,9c,19,c4,b1,24,2e,ea,4a,7f,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
d:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\iPod\bin\iPodService.exe
d:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe
d:\program files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
c:\program files\Linksys\WMP11 Config Utility\WMP11CFG.exe
.
**************************************************************************
.
Completion time: 2009-05-30 16:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 20:03

Pre-Run: 227,812,642,816 bytes free
Post-Run: 240,771,190,784 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
447 --- E O F --- 2009-04-17 07:02

#6 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:36 AM

Posted 30 May 2009 - 05:07 PM

CF Script speech

Special ComboFix script made for this computer only

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs including TeaTimer if you have it so they do not interfere with the running of ComboFix. Instructions for doing so are located here

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\All Users\Application Data\jahozawa
c:\documents and settings\All Users\Application Data\nadihale
c:\documents and settings\All Users\Application Data\dowuporu
c:\documents and settings\All Users\Application Data\bepiwitu
c:\documents and settings\All Users\Application Data\vebotihu
c:\documents and settings\All Users\Application Data\nugojuwo
FixCSet::


Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I will also need a HJT log to go along with the ComboFix.txt.
If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.
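The CFScript above targets six folders under All Users\Application Data whose names are eight random lowercase letters; the ComboFix logs posted in this thread also carry a few other entries a helper pulls out by eye (a service line with no image path, a copy of svchost.exe sitting in system32\drivers rather than system32, and locked registry keys whose CLSID components are not well-formed GUIDs). The Python script below is an added example, not ComboFix's code and not part of the original thread; it applies those four heuristics to a ComboFix log. The sample lines are constructed from (and abbreviate) the logs in this thread, and %SystemRoot% = c:\windows is assumed from the paths they show. A hit is a lead for a human to review, not a verdict.

```python
r"""Triage heuristics for a ComboFix log (added example, not ComboFix's own code).

Four checks a malware helper applies when reading such a log:
  1. eight-letter random folder names under All Users\Application Data
     (the folders the CFScript above deletes follow this pattern);
  2. service entries whose image path is empty (nothing left on disk);
  3. a well-known system executable name located outside %SystemRoot%\system32;
  4. registry key components in braces that are not well-formed GUIDs.
Assumption: %SystemRoot% is c:\windows, as in the paths shown in this thread.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines taken (and abbreviated) from the logs above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\bepiwitu
c:\documents and settings\All Users\Application Data\jahozawa
c:\documents and settings\All Users\Application Data\avg8

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2009 7:51 AM 325896]
S4 Aearlaat;Aearlaat; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BD8F264D-1BB5-5F0C-8A17-EFBA6D629116}]
c:\windows\system32\drivers\svchost.exe s

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AC2CA4-9D93-32D8-AE673619A46BB764}\{B5C3A2C7-0F69-BCDD-BACA5675DFFD204D}\{69E387FB-63DC-7F36-9B03233CFCE1F807}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
"""

SYSTEM32 = r"c:\windows\system32"  # assumed %SystemRoot%\system32
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

# Matched against the lowercased line: eight lowercase letters, nothing else, as the folder name.
RANDOM_APPDATA = re.compile(r"^c:\\documents and settings\\all users\\application data\\([a-z]{8})$")
# ComboFix service line: "<start> <name>;<display name>;<image path> [details]".
SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^\[]*)\[")
# Registry key header as ComboFix prints it; locked keys carry a trailing '*'.
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Well-formed GUID: 8-4-4-4-12 hex digits in braces.
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Drive-letter path ending in an .exe file name (directories may contain spaces, the file name may not).
EXE_PATH = re.compile(r'([a-z]:\\[^"\[]+?\\([^\\\s"]+\.exe))', re.I)


def triage(log: str) -> Dict[str, List[str]]:
    """Return the suspicious items found in a ComboFix log, grouped by heuristic."""
    found: Dict[str, List[str]] = {
        "random_appdata_dirs": [],        # folder names matching the Vundo-style random pattern
        "orphan_services": [],            # service names whose image path is empty
        "misplaced_system_binaries": [],  # full paths of system exe names outside system32
        "malformed_guid_keys": [],        # brace components that are not valid GUIDs
    }
    for raw in log.splitlines():
        line = raw.strip()

        m = RANDOM_APPDATA.match(line.lower())
        if m:
            found["random_appdata_dirs"].append(m.group(1))
            continue

        m = SERVICE_LINE.match(line)
        if m:
            if not m.group("image").strip():
                found["orphan_services"].append(m.group("name"))
            continue

        m = REG_KEY.match(line)
        if m:
            for part in m.group(1).split("\\"):
                part = part.rstrip("*")  # drop ComboFix's locked-key marker before checking
                if part.startswith("{") and part.endswith("}") and not GUID.match(part):
                    found["malformed_guid_keys"].append(part)
            continue

        m = EXE_PATH.search(line)
        if m:
            path, name = m.group(1), m.group(2).lower()
            if name in SYSTEM_BINARIES and path.lower().rsplit("\\", 1)[0] != SYSTEM32:
                found["misplaced_system_binaries"].append(path)
    return found


if __name__ == "__main__":
    for heuristic, hits in triage(SAMPLE_LOG).items():
        print(f"{heuristic}: {hits}")
```

Running the script on the sample prints the two random folder names, the orphaned Aearlaat service, the svchost.exe copy under drivers, and the three malformed CLSID components; the well-formed Active Setup GUID and the avg8 and AVG driver lines produce no hits. To use it on a real log, pass the file's contents to triage() instead of SAMPLE_LOG.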

#7 MIRABELLO

  • Topic Starter
  • Members
  • 9 posts
  • Local time:09:36 AM

Posted 31 May 2009 - 08:16 AM

When you say you want another HJT log, does that mean you want me to run RSIT again? Just want to make sure I'm doing the right thing.

Many thanks, mirabello

#8 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:36 AM

Posted 31 May 2009 - 08:44 AM

If HJT is on your Desktop just run it. If not go ahead with RSIT. It's not a big deal either way so which ever one you can do will be OK since RSIT will include the HJT log.

#9 MIRABELLO

  • Topic Starter
  • Members
  • 9 posts
  • Local time:09:36 AM

Posted 31 May 2009 - 08:51 AM

Thanks, thewall;

The RSIT files are attached; here is the ComboFix file. Many, many thanks:

ComboFix 09-05-30.04 - Administrator 05/31/2009 9:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1406.676 [GMT -4:00]
Running from: c:\documents and settings\Administrator.ATHLON-T6524\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.ATHLON-T6524\Desktop\Vundo Fix Files\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\bepiwitu
c:\documents and settings\All Users\Application Data\dowuporu
c:\documents and settings\All Users\Application Data\jahozawa
c:\documents and settings\All Users\Application Data\nadihale
c:\documents and settings\All Users\Application Data\nugojuwo
c:\documents and settings\All Users\Application Data\vebotihu

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-29 23:01 . 2009-05-29 23:32 -------- d-----w- c:\program files\trend micro
2009-05-29 23:01 . 2009-05-29 23:32 -------- d-----w- C:\rsit
2009-05-27 11:18 . 2009-05-27 11:18 -------- d-----w- C:\VundoFix Backups
2009-05-26 22:39 . 2009-05-26 22:39 -------- d-----w- c:\documents and settings\mcr\Application Data\Malwarebytes
2009-05-26 20:24 . 2009-05-26 20:24 -------- d-----w- c:\program files\WinDirStat
2009-05-26 19:54 . 2009-05-26 22:38 -------- d-----w- c:\documents and settings\Administrator.ATHLON-T6524\Application Data\foobar2000
2009-05-26 19:54 . 2009-05-26 19:54 -------- d-----w- c:\program files\foobar2000
2009-05-26 16:38 . 2009-05-30 15:51 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-26 12:29 . 2009-05-26 12:29 -------- d-----w- c:\documents and settings\Administrator.ATHLON-T6524\Application Data\Malwarebytes
2009-05-26 11:52 . 2009-04-06 19:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 11:52 . 2009-04-06 19:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:51 . 2009-05-26 11:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-26 11:51 . 2009-05-26 11:51 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-26 11:51 . 2009-05-26 11:51 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-26 11:51 . 2009-05-26 11:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-26 11:51 . 2009-05-31 13:35 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-26 11:50 . 2009-05-30 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-26 11:43 . 2009-05-26 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 13:23 . 2009-05-25 13:24 -------- d-----w- C:\TEMP Downloads
2009-05-25 12:22 . 2009-05-26 11:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 18:41 . 2009-05-15 00:50 -------- d-----r- C:\My Documents
2009-05-06 02:48 . 2009-05-06 02:48 -------- d-----w- c:\documents and settings\mcr\Local Settings\Application Data\Ahead
2009-05-03 01:06 . 2009-05-03 01:06 10134 ----a-r- c:\documents and settings\mcr\Application Data\Microsoft\Installer\{8BF863F9-7739-4DA4-B40A-2AD76D571B82}\ARPPRODUCTICON.exe
2009-05-02 22:52 . 2009-05-03 01:06 45056 ----a-r- c:\documents and settings\mcr\Application Data\Microsoft\Installer\{8BF863F9-7739-4DA4-B40A-2AD76D571B82}\MapleStory.exe1_DB457427E7B9425292170DC5FADE980F.exe
2009-05-02 22:52 . 2009-05-03 01:06 45056 ----a-r- c:\documents and settings\mcr\Application Data\Microsoft\Installer\{8BF863F9-7739-4DA4-B40A-2AD76D571B82}\MapleStory.exe_DB457427E7B9425292170DC5FADE980F.exe
2009-05-02 21:58 . 2009-05-03 06:14 -------- d-----w- c:\documents and settings\mcr\Local Settings\Application Data\PMB Files
2009-05-02 21:57 . 2009-05-02 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-05-02 21:56 . 2009-05-02 21:56 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 15:17 . 2007-11-17 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-26 11:50 . 2008-05-11 21:32 -------- d-----w- c:\program files\AVG
2009-05-23 18:39 . 2006-01-03 18:20 -------- d-----w- c:\program files\Google
2009-05-11 13:10 . 2009-03-13 23:20 -------- d-----w- c:\program files\Electronic Arts
2009-05-07 11:57 . 2007-09-18 20:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-01 01:49 . 2009-05-01 01:49 -------- d-----w- c:\program files\ConvertHelper
2009-04-29 04:53 . 2009-04-29 04:53 -------- d-----w- c:\documents and settings\mcr\Application Data\Nero
2009-04-29 01:31 . 2007-10-26 18:11 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-28 09:07 . 2009-03-23 12:47 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-22 02:01 . 2007-12-14 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-04-06 20:07 . 2008-12-18 01:39 -------- d-----w- c:\program files\Scratch
2009-04-05 15:19 . 2006-01-08 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-04 14:23 . 2006-12-12 01:40 -------- d-----w- c:\program files\Windows Media Connect 2
2009-03-24 22:33 . 2009-03-24 22:33 237264 ----a-w- c:\documents and settings\mcr\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-03-19 01:54 . 2009-03-19 01:54 16286 ----a-w- c:\documents and settings\mcr\Application Data\Sun\Java\Deployment\cache\6.0\5\42c06805-7e80b35e-n\ShoddyHelper.dll
2009-03-13 23:28 . 2009-03-13 23:28 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-03-06 14:44 . 2004-08-04 04:56 283648 ----a-w- c:\windows\system32\pdh.dll
2007-12-03 21:38 . 2006-01-03 18:21 131584 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-03-24 18:16 . 2008-03-24 18:16 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-03-24 18:16 . 2008-03-24 18:16 125840 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-03-24 18:16 . 2008-03-24 18:16 98704 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-03-24 18:16 . 2008-03-24 18:16 91464 ----a-w- c:\program files\mozilla firefox\plugins\mwmcli.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-30_19.56.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 15:00 . 2009-05-30 19:57 82278 c:\windows\system32\perfc009.dat
+ 2001-08-23 15:00 . 2009-05-31 12:42 82278 c:\windows\system32\perfc009.dat
+ 2001-08-23 15:00 . 2009-05-31 12:42 459950 c:\windows\system32\perfh009.dat
- 2001-08-23 15:00 . 2009-05-30 19:57 459950 c:\windows\system32\perfh009.dat
+ 2006-01-01 21:23 . 2009-05-31 13:34 226938 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CardScan AutoSync"="d:\program files\CardScan\CardScan\System\csynccfg.exe" [2007-08-14 177400]
"Google Update"="c:\documents and settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-03 29744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 51048]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 180269]
"Adobe Photo Downloader"="d:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-11 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-02-12 163840]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2008-08-15 536576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-26 1947928]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]

c:\documents and settings\administrator\Start Menu\Programs\Startup\
SyncBackSE.lnk - d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-7 6206720]

c:\documents and settings\Administrator.ATHLON-T6524\Start Menu\Programs\Startup\
SyncBackSE.lnk - d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-7 6206720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - d:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-2-29 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-26 11:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Norton Ghost"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CardScan AutoSync"="d:\program files\CardScan\CardScan\System\csynccfg.exe" /background
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"GoToMeeting"=c:\program files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
"vbuzzer"=c:\program files\vbuzzer\vbuzzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"eBayToolbar"=c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
"eFax 4.1"="c:\program files\eFax Messenger 4.1\J2GDllCmd.exe" /R
"StatusClient 2.6"=c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
"TomcatStartup 2.5"=c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" /R
"VGAUtil"=c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CardScanAgent"="d:\program files\CardScan\CardScan\CardScanAgent.exe"
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" /R
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\vbuzzer\\VBuzzer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\studio.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\mcr\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\mcr\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Western Digital\\WD Drive Manager\\WDBtnMgrUI.exe"=
"c:\\WINDOWS\\system32\\HPBPRO.EXE"=
"d:\\Program Files\\Linksys\\WUSB11 v25 Config Utility\\WUSB11Cfg.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56085:TCP"= 56085:TCP:Pando Media Booster
"56085:UDP"= 56085:UDP:Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2009 7:51 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2009 7:51 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2009 7:50 AM 298776]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
S2 gupdate1c8809a5b13dc2a;Google Update Service (gupdate1c8809a5b13dc2a);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2008 1:20 PM 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/3/2006 2:20 PM 29744]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1/5/2007 11:54 AM 19039]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/28/2007 8:01 PM 42512]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/22/2008 2:25 PM 11520]
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [9/9/2008 7:00 PM 171776]
S3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\LSWLUSB.sys [11/13/2006 10:49 AM 50048]
S4 Aearlaat;Aearlaat; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BD8F264D-1BB5-5F0C-8A17-EFBA6D629116}]
c:\windows\system32\drivers\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:42]

2009-05-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-24 23:41]

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 17:20]

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-725345543-839522115-1006.job
- c:\documents and settings\mcr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 20:22]

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-725345543-839522115-500.job
- c:\documents and settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 17:29]

2009-05-31 c:\windows\Tasks\SyncBack Active Projects 2006.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2005-02-03 20:16]

2009-04-21 c:\windows\Tasks\SyncBackSE Active Projects 2006 toDVD Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE My PIX Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE MyMusic toWDMyBook Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE MyMusic toWDMyBook Bakup2.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-05-31 c:\windows\Tasks\SyncBackSE SCFAS Production Site Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-05-31 c:\windows\Tasks\SyncBackSE scfasPROD2appdesitebak.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE WDMyBook Bakup Group.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-04-21 c:\windows\Tasks\SyncBackSE Zoot toWDMyBook Bakup.job
- d:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2006-12-07 22:59]

2009-05-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://plus.cnbc.com/player/main.do
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {E638367A-3A2B-433F-BC32-004F548866AA} = 68.94.156.1,68.94.157.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator.ATHLON-T6524\Application Data\Mozilla\Firefox\Profiles\bnl0vm3x.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npaxctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 09:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA = c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe?= ATPITA???????????????????????????????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
SunKistEM = c:\program files\eMachines Bay Reader\shwiconem.exe?= MEtsiKnuS?= ATPITA???????????????????????????????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
Logitech Utility = Logi_MwX.Exe?= ytilitU hcetigoL?Reader\shwiconem.exe?= MEtsiKnuS?= ATPITA???????????????????????????????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
Google Desktop Search = "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup?= hcraeS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
IMJPMIG8.1 = "c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32?= 1.8GIMPJMI?eS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w
IMEKRMIG6.1 = c:\windows\ime\imkr6_1\IMEKRMIG.EXE?= 1.6GIMRKEMI?vDef /Migration32?= 1.8GIMPJMI?eS potkseD elgooG??????????????????!??????????w??e???!?????????????3??w`?????????e?????????????g??w???????w??????????????!?????,??????Z??????????????!????????????????w???w????????M??]D??????w??e????????w????M??]???? ???=??Z????g??w???w???????wc??]????????????M??]M??]????????????????????????`???????4??w????????????????M??]????????????M??]???????w????????Z??w????*??w????M??]????????????????????????????M??]????????????????????????g??w0??w

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AC2CA4-9D93-32D8-AE673619A46BB764}\{B5C3A2C7-0F69-BCDD-BACA5675DFFD204D}\{69E387FB-63DC-7F36-9B03233CFCE1F807}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,11,8a,15,95,cf,
7e,ed,b0,e2,63,26,f1,3f,c8,ff,68,c2,e8,30,cc,e8,79,ef,f8,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C082286-DD56-6B96-110FABAC317C22E3}\{17077DA0-F2D9-EF48-DBC13F521337D931}\{A783887F-564D-BBBA-662193019693FEBC}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,17,7f,80,f9,d3,
35,45,de,6a,9c,d6,61,af,45,84,18,25,26,b2,98,91,ae,7f,48,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,11,5a,a0,10,4f,
c2,ca,ee,ff,7c,85,e0,43,d4,0e,fe,01,7b,73,a1,df,2a,83,bd,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,74,ba,3d,a8,d0,
6a,39,59,86,8c,21,01,be,91,eb,e7,d8,10,ae,4e,35,ed,db,e7,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,da,de,09,4b,c9,
67,97,4c,f5,1d,4d,73,a8,13,5c,05,61,8b,ed,89,8c,c3,b2,12,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,62,4a,4c,b2,32,
84,44,5d,df,20,58,62,78,6b,cf,c8,96,12,1a,39,51,e6,62,1b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,37,d5,8d,92,ef,
b5,19,1a,fb,a7,78,e6,12,2f,9a,ea,cf,bd,09,63,df,d6,d1,37,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADCDC452-5950-0BD6-5DEB640DBA321648}\{0A2FAA8F-EDBD-61CA-231081ECE2D6CFC4}\{38D3EADC-5C2C-A096-9079D739DE5BCFA9}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,58,00,5b,3f,bc,
44,88,cf,01,3a,48,fc,e8,04,4a,f1,ec,38,a6,da,bb,f4,2e,e9,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,46,b2,0d,ec,b5,
a3,dd,dd,f6,0f,4e,58,98,5b,89,c9,c4,bd,95,88,44,54,13,06,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,ce,c6,1a,54,71,
89,c1,43,3d,ce,ea,26,2d,45,aa,78,1b,5f,e0,0c,db,8f,87,42,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,ff,9d,f2,46,4f,
c7,b5,a4,2a,b7,cc,b5,b9,7f,41,e7,d0,08,db,73,c3,72,62,9f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,32,e8,7d,41,2a,
30,5d,ba,6c,43,2d,1e,aa,22,2f,9c,19,c4,b1,24,2e,ea,4a,7f,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2844)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
d:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\gearsec.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
d:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe
d:\program files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
c:\program files\Linksys\WMP11 Config Utility\WMP11CFG.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPBPRO.EXE
c:\windows\system32\HPBPRO.EXE
.
**************************************************************************
.
Completion time: 2009-05-31 9:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 13:43
ComboFix2.txt 2009-05-30 20:03

Pre-Run: 240,823,488,512 bytes free
Post-Run: 240,806,707,200 bytes free

415 --- E O F --- 2009-04-17 07:02

Attached Files
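The LOCKED REGISTRY KEYS block in the ComboFix log above is the part a reviewer spends longest on, and nothing in this thread says which of those keys, if any, belongs to the infection. As an added example (not ComboFix's code and not the helper's procedure), the Python below parses that section and records only structural facts a reviewer can act on: whether ComboFix marked the key locked (the trailing `*`), GUID components that do not follow the 8-4-4-4-12 layout (several of the triple-nested keys above do not), InprocServer32 keys whose default value points at OLE32.DLL alongside a value named like a 32-character hex string, and the decoded length of each hex value together with whether ComboFix truncated it with a trailing backslash. The sample text is two keys copied from the log; the checks are this example's own heuristics.

```python
"""Structural triage of the "LOCKED REGISTRY KEYS" section of a ComboFix log.

Added example for this thread; it is not part of ComboFix and not the helper's
own procedure. ComboFix prints these keys .reg-style: a [key] header (a
trailing '*' marks a key it could not open normally), then "name"=value lines,
with long hex values wrapped onto continuation lines and cut off with '\'.
The checks below are observations only (GUID layout, InprocServer32 target,
hash-like value names, decoded value sizes); they do not decide whether a key
is malicious.
"""
import re
from dataclasses import dataclass, field

# Sample: two keys copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AC2CA4-9D93-32D8-AE673619A46BB764}\{B5C3A2C7-0F69-BCDD-BACA5675DFFD204D}\{69E387FB-63DC-7F36-9B03233CFCE1F807}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,11,8a,15,95,cf,
7e,ed,b0,e2,63,26,f1,3f,c8,ff,68,c2,e8,30,cc,e8,79,ef,f8,e2,63,26,f1,3f,c8,\
"""

KEY_RE = re.compile(r"^\[(.+?)(\*?)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))=(.*)$')
# Canonical registry GUID layout: 8-4-4-4-12 hex digits in braces.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
HASH_NAME_RE = re.compile(r"^[0-9a-f]{32}$", re.I)


@dataclass
class RegKey:
    path: str
    locked: bool
    values: dict = field(default_factory=dict)  # value name ('@' = default) -> raw text


def parse_locked_keys(text):
    """Turn headers, values and wrapped continuation lines into RegKey objects."""
    keys, last_name = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            keys.append(RegKey(path=m.group(1), locked=m.group(2) == "*"))
            last_name = None
            continue
        m = VALUE_RE.match(line)
        if m and keys:
            last_name = m.group(1) or m.group(2)
            keys[-1].values[last_name] = m.group(3)
        elif keys and last_name is not None:
            # Neither header nor "name"=...: a wrapped continuation of the previous value.
            keys[-1].values[last_name] += line
    return keys


def hex_value_bytes(raw):
    """Decode hex:aa,bb,...; returns (bytes, truncated) or (None, False) for non-hex values."""
    if not raw.startswith("hex:"):
        return None, False
    body = raw[4:]
    truncated = body.endswith("\\")  # ComboFix cuts long values off with a trailing '\'
    parts = [p for p in body.rstrip("\\").split(",") if p]
    return bytes(int(p, 16) for p in parts), truncated


def is_well_formed_guid(component):
    return GUID_RE.match(component) is not None


def guid_components(path):
    return re.findall(r"\{[^}]*\}", path)


def triage(text):
    """One observation record per key; no single field is a verdict."""
    report = []
    for key in parse_locked_keys(text):
        default = key.values.get("@", "").strip('"').lower()
        hex_sizes = {}
        for name, raw in key.values.items():
            data, truncated = hex_value_bytes(raw)
            if data is not None:
                hex_sizes[name] = (len(data), truncated)
        report.append({
            "key": key.path,
            "locked": key.locked,
            "malformed_guids": [g for g in guid_components(key.path) if not is_well_formed_guid(g)],
            "inproc_ole32": key.path.lower().endswith("\\inprocserver32") and default.endswith("ole32.dll"),
            "hash_named_values": [n for n in key.values if HASH_NAME_RE.match(n)],
            "hex_sizes": hex_sizes,
        })
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

Run it on the full section and sort by the `malformed_guids` and `inproc_ole32` fields; treat neither as a finding by itself. The useful next step is to compare the flagged CLSIDs against the same section from a known-clean XP machine, since ComboFix lists every key it cannot open normally, including protected ones that belong to legitimate software.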



#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:36 AM

Posted 31 May 2009 - 09:04 AM

Sorry MIRABELLO, but you ran DDS. :thumbup2: I need either RSIT or HJT. Also post them in the open window instead of as an attachment, since it makes it easier for us to work on the log that way. It has to do with how we research any entries that may be suspect.

Thanks!!

Edited by thewall, 31 May 2009 - 09:05 AM.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 MIRABELLO

MIRABELLO
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 31 May 2009 - 09:11 AM

Ouch. Sorry - this virus has flustered me. Here's the HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:27 AM, on 5/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
D:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\CardScan\CardScan\System\csynccfg.exe
C:\Documents and Settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
D:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
D:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plus.cnbc.com/player/main.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CardScan AutoSync] "D:\Program Files\CardScan\CardScan\System\csynccfg.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator.ATHLON-T6524\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: SyncBackSE.lnk = D:\Program Files\2BrightSparks\SyncBackSE\SyncBackSE.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Calendar Sync.lnk = D:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\PROGRA~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\PROGRA~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E638367A-3A2B-433F-BC32-004F548866AA}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c8809a5b13dc2a) (gupdate1c8809a5b13dc2a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 13964 bytes
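The HijackThis log above is what the helper asked for, because each O-line type maps to one autostart or browser hook. As an added example (not HijackThis code and not the helper's checklist), the Python below does the mechanical first pass a reviewer otherwise does by eye: it pulls the orphaned O3/O9 entries, the O4 Run values that name an executable with no path (Logi_MwX.Exe, nwiz.exe and RunDLL32.exe above, which are resolved by a search at logon rather than by an absolute path, so a same-named file earlier in the search order would run instead), the startup shortcut HJT could not resolve, the O17 name servers to verify against the ISP's, and the O23 services with "Unknown owner". The sample lines are copied from the log; the flag rules are this example's own, and each flag is a review prompt rather than a verdict.

```python
"""First-pass triage of a HijackThis (HJT) log.

Added example for this thread; it is not part of HijackThis and not the
helper's own review procedure. It reads the O-lines of an HJT log and pulls
out what a log reviewer checks first:
  * orphaned entries, marked by HJT as "(no file)" or "(file missing)"
  * O4 Run entries whose executable is named without a directory, so it is
    found by a search at logon instead of by an absolute path
  * O4 startup shortcuts HJT could not resolve ("= ?")
  * O17 NameServer values, to compare with the DNS servers the ISP assigns
  * O23 services HJT could not attribute to a vendor ("Unknown owner")
Every flag is a review prompt, not a verdict: legitimate drivers and OEM
utilities produce the same kinds of lines.
"""
import re

# Sample: a subset of lines copied from the HJT log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E638367A-3A2B-433F-BC32-004F548866AA}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# O4 registry form: HKLM\..\Run: [Name] command   (HJT elides the middle of the key path as '..')
RUN_RE = re.compile(r"^(HK\S*)\\\.\.\\(Run\w*):\s+\[([^\]]*)\]\s*(.*)$")
UNKNOWN_SVC_RE = re.compile(r"^Service: (.+?) - Unknown owner - ")


def parse_hjt(text):
    """Yield (type, body) pairs, e.g. ('O4', 'HKLM\\..\\Run: [nwiz] nwiz.exe /install')."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def executable_of(command):
    """Executable part of a Run command: the quoted path if quoted, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def is_unqualified(exe):
    """True when the name carries no drive or directory, i.e. it is located by search at launch."""
    return bool(exe) and not any(c in exe for c in "\\/:")


def triage_hjt(text):
    out = {"orphans": [], "unqualified_run": [], "unresolved_shortcuts": [],
           "nameservers": [], "unknown_owner_services": []}
    for kind, body in parse_hjt(text):
        if "(no file)" in body or "(file missing)" in body:
            out["orphans"].append(f"{kind} - {body}")
        if kind == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = executable_of(m.group(4))
                if is_unqualified(exe):
                    out["unqualified_run"].append((m.group(3), exe))
            elif body.endswith(" = ?"):
                out["unresolved_shortcuts"].append(body.split(": ", 1)[1].rsplit(" = ", 1)[0])
        elif kind == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            if m:
                out["nameservers"].extend(s.strip() for s in m.group(1).split(","))
        elif kind == "O23":
            m = UNKNOWN_SVC_RE.match(body)
            if m:
                out["unknown_owner_services"].append(m.group(1))
    return out


if __name__ == "__main__":
    for category, items in triage_hjt(SAMPLE_HJT).items():
        print(f"{category}: {items}")
```

On the full log this surfaces the three path-less Run values, the orphaned toolbar and Yahoo! Messenger buttons, the unresolved Linksys shortcut, the two name servers and the two "Unknown owner" services; each of those still needs a human to confirm the file on disk and its publisher before anything is removed.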

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:36 AM

Posted 31 May 2009 - 09:25 AM

MIRABELLO wrote: Ouch. Sorry - this virus has flustered me. Here's the HJT file:

I understand; these infections are aggravating. :thumbup2: How is the computer running now?

#13 MIRABELLO

MIRABELLO
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 31 May 2009 - 09:31 AM

Humming nicely, thanks to you.

#14 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:36 AM

Posted 31 May 2009 - 09:39 AM

That's always good to hear. I have something I need to check on and a couple more things we need to take care of. Hopefully I can get an answer to my question by today but it might be tomorrow before I hear anything and get back with you.

#15 MIRABELLO

MIRABELLO
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 31 May 2009 - 10:05 AM

Thanks, thewall. Does this mean the virus has not been rooted out yet?

Will watch out for your message. Kind regards.



