Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis Log - Help greatly appreciated

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 23rd, 2009, 7:39 pm

I've had pop-up problems for a few weeks, but now having trouble with slow computer and being unable to click on anything sometimes. The pop-ups seem to happen most when I attempt to search on google.

Here are a couple examples of what pops up:


http:// 82.98.235.111/dot.gif/?ver=120&cmp=superjuan&uid=62DF00B0C40A11DD957D168440CFFFFF&guid=0CB3DC48A87D468AAAE2D79F16A13624&affid=166350&rid=zdez&m=irq4&revid=9961&lid=www.google.com%2Fsearch%3Fq=http%3A%2F%2F82.98.235.111%2Fdot.gif%26ie=utf-8%26oe=utf-8%26aq=t%26rls=org.mozilla%3Aen-US%3Aofficial%26client=firefox-a&uqs=1197&s=0&c1=1197&c2=0&uid_track=903c82fa-231b-4bd0-a204-c1fab7b9e96e&br=firefox

http:// electronics4me.com/tbredir.php?&sid=3d758b4170a72992524695adf2808a80

htt p://ww w.utterpop.com/popup.php?r=%27%5DE%60%27E%27g%5DexEnPW%40EGQlZ%5DP%7D%23P%23%60WxZ%60xU%22GC%27x%5DPg%7D%234

http:// 70.38.98.32/red.php?lid=hijackthis&br=firefox&url=www.google.com%2Fsearch%3Fq%3Dhijackthis%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&z=US&affid=166350&ver=120&shows=0&click1=1225&click2=0&uqs=1225&uid=62DF00B0C40A11DD957D168440CFFFFF&guid=0CB3DC48A87D468AAAE2D79F16A13624&jguid=&cmp=superjuan&rid=zdez&xp=1

Any help is appreciated. Here is the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:51 PM, on 1/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\prunnet.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\krnl32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://search.myidentitydefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.conquerclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

sas.r4.attbi.com;*.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}

- C:\Documents and Settings\Owner\Local Settings\Application

Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -

C:\Documents and Settings\Owner\Local Settings\Application

Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program

Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common

Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program

Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat

8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM]

C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software

Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [GetModule31] "C:\Program Files\GetModule\GetModule31.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application

Data\gadcom\gadcom.exe"

61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [SysDriver32] C:\WINDOWS\krnl32.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft

Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites -

http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -

C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control

Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -

http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}:

NameServer = 85.255.115.53,85.255.112.95
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =

85.255.116.104,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}:

NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =

85.255.116.153,85.255.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}:

NameServer = 85.255.116.153,85.255.112.12
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer =

85.255.115.53,85.255.112.95
O17 - HKLM\System\CS3\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}:

NameServer = 85.255.115.53,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =

85.255.115.53,85.255.112.95
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll ffrjhw.dll npoxzf.dll lcbihe.dll uelglx.dll paphal.dll

eyghwy.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program

Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program

Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common

files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common

Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11702 bytes
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm
Advertisement
Register to Remove

Re: HijackThis Log - Help greatly appreciated

Unread postby DFW » January 24th, 2009, 4:57 pm

My name is DFW, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a different computer or infection.


Please observe these rules while we work:
If you don't know, stop and ask! Don't keep going on.
Stick with it till you're given the all clear.
REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
Please not try and clean your computer with any tools other than the ones I ask you to use during the cleanup process

If you can do these things, everything should go smoothly.




First off your HijackThis log is very hard to read, please open Notepad, go to the Format menu and untick wordwarp
Notepad can be found start menu, programs, Accessories.




Make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.


Click on the Save list... button and specify where you would like to save this file.

When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.




Post the uninstall list with a new HiJackthis Log
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 25th, 2009, 4:47 am

Hmm....for some reason when I click on "Save list" the whole thing disappears and i get nothing. :(
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm

Re: HijackThis Log - Help greatly appreciated

Unread postby DFW » January 25th, 2009, 5:35 am

Ok lets try this

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as it is and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Checked (ticked) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Reboot your system


Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Please post back

Malwarebytes' Anti-Malware Log
(RSIT) log.txt and info.txt
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 25th, 2009, 7:43 pm

Malwarebytes' Anti-Malware 1.33
Database version: 1693
Windows 5.1.2600 Service Pack 3

1/25/2009 4:23:01 PM
mbam-log-2009-01-25 (16-23-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 33872
Time elapsed: 29 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 25
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ckvpsgak.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqOGARL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uelglx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\paphal.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\igqfja.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqOIyxW.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3057bf6a-9735-453e-98c3-1b403a7c23fa} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3057bf6a-9735-453e-98c3-1b403a7c23fa} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{de6d0331-66d6-49dc-ab42-b78f2f6ca038} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c02871a5-2150-4c14-8f97-8c331b159424} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b18b21b-5f65-4808-b84f-5eb9ffd5d9ea} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b18b21b-5f65-4808-b84f-5eb9ffd5d9ea} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqoiyxw (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64ced7fd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqogarl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqogarl -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\urqOGARL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\LRAGOqru.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\LRAGOqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvpsgak.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kagspvkc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdlbawcf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcwabldp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wjbsxata.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ataxsbjw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awlruyxf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uelglx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\paphal.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\igqfja.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOIyxW.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp81243.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp96826.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp98423.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmpE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\seneka4fa8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\senekacxniduxyyc.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\senekatqbvpdwofv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\senekawkikossptb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp6F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp12.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp12354.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp22345.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp34567.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp43429.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp47156.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tmp5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\xpre.tmp (Trojan.BHO) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-25 16:31:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 126 GB (68%) free of 187 GB
Total RAM: 959 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:45 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\krnl32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.conquerclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r4.attbi.com;*.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {15361C1A-5428-4BDA-B2C9-1F5805C05E44} - C:\WINDOWS\system32\hgGxUKeB.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [GetModule31] "C:\Program Files\GetModule\GetModule31.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysDriver32] C:\WINDOWS\krnl32.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}: NameServer = 85.255.115.53,85.255.112.95
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53,85.255.112.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}: NameServer = 85.255.115.53,85.255.112.95
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.53,85.255.112.95
O17 - HKLM\System\CS3\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}: NameServer = 85.255.115.53,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.53,85.255.112.95
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll ffrjhw.dll npoxzf.dll lcbihe.dll uelglx.dll paphal.dll eyghwy.dll igqfja.dll
O20 - Winlogon Notify: jkkHBQGx - jkkHBQGx.dll (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12174 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\whsplbpv.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15361C1A-5428-4BDA-B2C9-1F5805C05E44}]
C:\WINDOWS\system32\hgGxUKeB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-11 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=VTTimer.exe []
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-10-29 135168]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2003-11-03 221184]
"LTMSG"=LTMSG.exe 7 []
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD05"=c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-04-28 323584]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-12-05 3022848]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2006-12-22 497176]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-12-22 756248]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
"prunnet"=C:\WINDOWS\system32\prunnet.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ATI Launchpad"= []
"Aim6"= []
"GetModule31"=C:\Program Files\GetModule\GetModule31.exe []
"gadcom"=C:\Documents [2005-06-19 5]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SysDriver32"=C:\WINDOWS\krnl32.exe [2009-01-19 2521]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE [2004-01-26 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shortcut to CircuitCity.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
[]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll ffrjhw.dll npoxzf.dll lcbihe.dll uelglx.dll paphal.dll eyghwy.dll igqfja.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkHBQGx]
jkkHBQGx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"SpecifyDefaultButtons"=0
"Btn_Search"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eDonkey2000\edonkey2000.exe"="C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:eDonkey2000 Application"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\InetCntrl\InetCntrl.exe"="C:\WINDOWS\system32\InetCntrl\InetCntrl.exe:*:Enabled:Bsecure Internet Protection Services - Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6453fe-6bf4-11dd-9dc0-000ea6880ecb}]
shell\AutoRun\command - K:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2009-01-25 16:31:48 ----D---- C:\rsit
2009-01-25 11:53:29 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-25 11:52:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-25 11:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-24 18:52:20 ----A---- C:\WINDOWS\system32\extcbvnm.dll
2009-01-24 17:52:23 ----SH---- C:\WINDOWS\system32\dekqbieq.ini
2009-01-24 00:30:00 ----A---- C:\WINDOWS\system32\pmnnoOiI.dll
2009-01-23 16:24:09 ----D---- C:\Program Files\Trend Micro
2009-01-23 15:49:40 ----A---- C:\WINDOWS\system32\eyghwy.dll
2009-01-23 15:49:39 ----A---- C:\WINDOWS\system32\aapunmfj.dll
2009-01-23 15:48:31 ----SH---- C:\WINDOWS\system32\rqvmixyh.ini
2009-01-22 21:37:42 ----SH---- C:\WINDOWS\system32\ukdqvcnh.ini
2009-01-22 21:34:50 ----A---- C:\WINDOWS\system32\gufihnwu.dll
2009-01-20 15:40:08 ----A---- C:\WINDOWS\system32\lcbihe.dll
2009-01-20 15:39:55 ----A---- C:\WINDOWS\system32\ypyedujl.dll
2009-01-19 20:54:44 ----RSHD---- C:\resycled
2009-01-19 20:53:30 ----A---- C:\WINDOWS\krnl32.exe
2009-01-19 20:53:29 ----A---- C:\WINDOWS\system32\~.exe
2009-01-19 11:11:22 ----SH---- C:\WINDOWS\system32\cpkxkqjl.ini
2009-01-19 11:08:23 ----A---- C:\WINDOWS\system32\npoxzf.dll
2009-01-19 11:08:21 ----A---- C:\WINDOWS\system32\egkgceyx.dll
2009-01-18 16:53:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-18 16:53:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-18 16:53:05 ----A---- C:\WINDOWS\system32\java.exe
2009-01-18 16:53:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-18 11:05:35 ----A---- C:\WINDOWS\system32\ffrjhw.dll
2009-01-18 11:05:30 ----A---- C:\WINDOWS\system32\iqbcidqk.dll
2009-01-17 08:24:45 ----A---- C:\WINDOWS\system32\acmejo.dll
2009-01-17 08:24:44 ----A---- C:\WINDOWS\system32\vmavvhqn.dll
2009-01-16 07:17:55 ----SH---- C:\WINDOWS\system32\wdvpbsey.ini
2009-01-16 07:16:09 ----A---- C:\WINDOWS\system32\znrmnh.dll
2009-01-16 07:16:05 ----A---- C:\WINDOWS\system32\exeobivw.dll
2009-01-15 15:39:09 ----SH---- C:\WINDOWS\system32\mgtjbjsb.ini
2009-01-15 15:36:09 ----A---- C:\WINDOWS\system32\vowkfc.dll
2009-01-15 15:36:08 ----A---- C:\WINDOWS\system32\oiimfycp.dll
2009-01-14 15:34:11 ----SH---- C:\WINDOWS\system32\bnssohlb.ini
2009-01-14 15:33:25 ----A---- C:\WINDOWS\system32\bhvzyl.dll
2009-01-14 15:33:20 ----A---- C:\WINDOWS\system32\tqjdijss.dll
2009-01-13 23:07:30 ----SH---- C:\WINDOWS\system32\vbhfhkmd.ini
2009-01-13 23:04:31 ----A---- C:\WINDOWS\system32\okdfon.dll
2009-01-13 23:04:29 ----A---- C:\WINDOWS\system32\fduxmdpf.dll
2009-01-12 23:07:57 ----D---- C:\Program Files\VirusRemover2008
2009-01-12 23:06:08 ----A---- C:\WINDOWS\system32\wvUlklkk.dll
2009-01-12 23:03:40 ----SH---- C:\WINDOWS\system32\cgnhhqac.ini
2009-01-12 23:03:35 ----A---- C:\WINDOWS\system32\ketvqu.dll
2009-01-12 23:03:31 ----A---- C:\WINDOWS\system32\peahmwpx.dll

======List of files/folders modified in the last 1 months======

2009-01-25 16:28:39 ----D---- C:\WINDOWS\Temp
2009-01-25 16:28:16 ----D---- C:\Program Files\Mozilla Firefox
2009-01-25 16:27:41 ----A---- C:\Pollog.txt
2009-01-25 16:27:40 ----A---- C:\PollSt.txt
2009-01-25 16:26:37 ----D---- C:\WINDOWS\system32
2009-01-25 16:26:36 ----D---- C:\WINDOWS\system32\drivers
2009-01-25 16:26:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 15:31:55 ----D---- C:\WINDOWS\Prefetch
2009-01-25 11:52:42 ----AD---- C:\Program Files
2009-01-25 01:41:12 ----SHD---- C:\RECYCLER
2009-01-24 18:52:19 ----A---- C:\WINDOWS\system32\6fed1383-.txt
2009-01-24 11:04:15 ----HD---- C:\$AVG8.VAULT$
2009-01-24 11:00:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-24 00:29:46 ----D---- C:\WINDOWS
2009-01-19 13:36:23 ----RSD---- C:\WINDOWS\assembly
2009-01-18 16:52:36 ----SHD---- C:\WINDOWS\Installer
2009-01-18 16:52:32 ----D---- C:\Program Files\Java
2009-01-14 21:18:01 ----D---- C:\Program Files\Soulseek
2008-12-29 18:02:45 ----D---- C:\Program Files\Common Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-24 26824]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-12-22 25632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-12-05 1619243]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-04-21 54784]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxserv.sys [2009-01-25 71680]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-04-28 625920]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2006-12-14 22432]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-12-22 1683232]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-12-22 1963680]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2006-12-14 1513120]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-12-14 41248]
S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2006-12-14 1090720]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-16 117760]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-08-15 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2006-12-22 109344]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-12-05 77824]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2001-01-01 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-04-28 254037]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-04-28 114775]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2006-12-22 105248]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-25 16:33:13

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
Ace Utilities 2.5.0-->"C:\Program Files\Ace Utilities\unins000.exe"
Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Add or Remove Adobe Creative Suite 3 Design Standard-->C:\Program Files\Common Files\Adobe\Installers\0e772471f6aed60c960ed52600a76bd\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Standard-->MsiExec.exe /I{222421DC-CAEB-42EC-AF15-09A39AA5C94D}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{D4DBF0C9-E294-4C01-A205-73B8ED947D50}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Camera Suite 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder 2.2.0.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D3661269-10B6-495F-B4EE-539ABE3F9AA9} /l1033
ATI Multimedia Center 8.1.0.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{28ADA52D-B7AF-442C-8B7F-CEB9ECC28078} /l1033
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Comcast Universal Installer v1.2-->MsiExec.exe /I{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}
Compaq Connections-->C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support-->C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Cucusoft DVD to iPod Converter 5.28-->"C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
Daniusoft iPod Music Transfer(Build 1.2.10)-->"C:\Program Files\Daniusoft\iPod Music Transfer\unins000.exe"
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Evolver-->MsiExec.exe /I{E9BB45A6-3D37-4272-BD5C-976AF30546F3}
Free iPod Video Converter 1.32-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
Google Video Uploader-->"C:\Program Files\Google Video\Uninstall.exe"
HiJaak Image Manager Browser 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F10BB5-1264-4116-8150-89AB1FB48F20}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HyperLoad - Multiplayer Billiards-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{138EE4BB-1288-4C13-9309-F934E47083F2}\setup.exe" -l0x9 -uninst -removeonly
HyperLoad - Multiplayer Bowling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15F5C98B-756F-4752-8820-5D91A155A3BD}\setup.exe" -l0x9 -uninst -removeonly
ImTOO iPod Movie Converter-->C:\Program Files\ImTOO\ImTOO iPod Movie Converter\Uninstall.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Speed Monitor-->C:\Program Files\iCheck\Uninstall.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MotionDV STUDIO 5.3E LE for DV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}\setup.exe" UNINSTALL
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF9967D8-1999-4260-ACC2-86901AA36650}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MyIdentityDefender Toolbar (CyberDefender Corporation)-->C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
Native Instruments Traktor Beatport Player-->C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Ethernet Driver-->C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
screensaver2004-->C:\WINDOWS\screensaver2004.scr /u
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SoulSeek Client 156-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 2.1-->"C:\Program Files\Spyware Doctor\unins000.exe"
SqrSoft® Advanced Crossfading (remove only)-->"C:\Program Files\Winamp\unout_mix2dsk.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Video Stream Driver for Panasonic DVC-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9A97D672-6C93-4DFA-B527-DE005A761495} /l1033
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMX-->C:\Program Files\WinMX\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wisdom-soft ScreenHunter 4.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.f1organizer.com
127.0.0.1 www.netpalnow.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 www.mindseti.com
127.0.0.1 www.mindsetinteractive.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 www.31234.com
127.0.0.1 356563.net
127.0.0.1 www.356563.net

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: SAGE
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 24107
Source Name: EventLog
Time Written: 20081214005636.000000-420
Event Type: information
User:

Computer Name: SAGE
Event Code: 7036
Message: The FLEXnet Licensing Service service entered the stopped state.

Record Number: 24106
Source Name: Service Control Manager
Time Written: 20081214005503.000000-420
Event Type: information
User:

Computer Name: SAGE
Event Code: 35
Message: The time service is now synchronizing the system time with the time
source time.windows.com (ntp.m|0x1|71.237.33.99:123->207.46.197.32:123).

Record Number: 24105
Source Name: W32Time
Time Written: 20081213211315.000000-420
Event Type: information
User:

Computer Name: SAGE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 24104
Source Name: Tcpip
Time Written: 20081213174539.000000-420
Event Type: warning
User:

Computer Name: SAGE
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 24103
Source Name: Service Control Manager
Time Written: 20081213170424.000000-420
Event Type: information
User:

Application event log

Computer Name: SAGE
Event Code: 0
Message:
Record Number: 34372
Source Name: Viewpoint Manager Service
Time Written: 20080921095518.000000-360
Event Type: information
User:

Computer Name: SAGE
Event Code: 105
Message: The service was started.

Record Number: 34371
Source Name: ATI Smart
Time Written: 20080921095516.000000-360
Event Type: information
User:

Computer Name: SAGE
Event Code: 1001
Message: Detection of product '{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

Record Number: 34370
Source Name: MsiInstaller
Time Written: 20080921095515.000000-360
Event Type: warning
User: SAGE\Owner

Computer Name: SAGE
Event Code: 1004
Message: Detection of product '{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Record Number: 34369
Source Name: MsiInstaller
Time Written: 20080921095515.000000-360
Event Type: warning
User: SAGE\Owner

Computer Name: SAGE
Event Code: 1001
Message: Detection of product '{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

Record Number: 34368
Source Name: MsiInstaller
Time Written: 20080921095515.000000-360
Event Type: warning
User: SAGE\Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Thanks again :D
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm

Re: HijackThis Log - Help greatly appreciated

Unread postby DFW » January 26th, 2009, 9:52 am

You are running a P2P filesharing programme/s.


IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

This line apears in RSIT Log

C:\Program Files\LimeWire

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


Also remove this Malware while you in Add/Remove programs

Advertisement Service

Post back a new HijackThis, so we can continue cleaning your pc,
in black text please, the reg and blue are hard on my poor old eyes ;)
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 26th, 2009, 10:29 pm

I used the different colors to help divide them, but I guess I won't do that. :)

I don't see Limewire in my "Add or Remove Programs" list. I remember downloading it a couple years ago and then deciding not to use it, so I thought I deleted it. Do I need to go somewhere else to delete it?

Also here are a couple other things going on that are problems:

1. When I click on "Local Disk (C:)" on "My Computer" it doesn't do anything/can't get in there.

2. Seems like every time I turn on the computer one of the first things to come up is "aquaplay Setup" as minimized at the bottom.

Again, thank you for your help. :D
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm

Re: HijackThis Log - Help greatly appreciated

Unread postby DFW » January 27th, 2009, 10:43 am

Ok just checking ;) ,we will remove the leftovers soon, did you remove Advertisement Service? as I last posted, we will look into the C Drive problem,
I also see Liveupdate is also running, if you do not use any Symantec or norton software I would uninstall it.



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back



please find instructions for Comboxfix below, make sure you turn off
all your real-time protection (Antivirus, Antisptware) so this tool can do it's job, as asked to in the instructions


Download and run Combofix

Download ComboFix from one of these locations:
A word of warning: Please do not run ComboFix on your own. it tool is not a toy and not for everyday use.

Link 1
Link 2
Link 3

IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Very Important!, before running Combofix Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.


Please Post back the log below so we can continue cleaning the system.

Combofix Log C:\ComboFix.txt
A New HijackThis log
SDFix Log
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 27th, 2009, 8:57 pm

Yes, I did remove Advertisement Service and now LiveUpdate

ComboFix 09-01-21.04 - Owner 2009-01-27 17:34:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.657 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Tvm.log
C:\Documents
c:\program files\Altnet
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab (incomplete)
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\Mozilla Firefox\plugins\npclntax.dll
c:\recycler\S-5-9-20-100023341-100010935-100022064-6344.com
c:\recycler\S-8-4-42-100032631-100008643-100000754-5015.com
C:\resycled
c:\resycled\ntldr.com
c:\windows\smdat32m.sys
c:\windows\system32\aapunmfj.dll
c:\windows\system32\acmejo.dll
c:\windows\system32\BeKUxGgh.ini
c:\windows\system32\BeKUxGgh.ini2
c:\windows\system32\bhvzyl.dll
c:\windows\system32\bnssohlb.ini
c:\windows\system32\cgnhhqac.ini
c:\windows\system32\cpkxkqjl.ini
c:\windows\system32\dekqbieq.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekahkyevkfh.sys
c:\windows\system32\egkgceyx.dll
c:\windows\system32\evwnetlm.ini
c:\windows\system32\exeobivw.dll
c:\windows\system32\extcbvnm.dll
c:\windows\system32\eyghwy.dll
c:\windows\system32\fduxmdpf.dll
c:\windows\system32\ffrjhw.dll
c:\windows\system32\gorvwnuo.ini
c:\windows\system32\gufihnwu.dll
c:\windows\system32\iffglofs.ini
c:\windows\system32\iqbcidqk.dll
c:\windows\system32\jscplijf.ini
c:\windows\system32\ketvqu.dll
c:\windows\system32\lcbihe.dll
c:\windows\system32\mgtjbjsb.ini
c:\windows\system32\npoxzf.dll
c:\windows\system32\oiimfycp.dll
c:\windows\system32\okdfon.dll
c:\windows\system32\peahmwpx.dll
c:\windows\system32\rqvmixyh.ini
c:\windows\system32\senekajixdlsqs.dll
c:\windows\system32\tqjdijss.dll
c:\windows\system32\ttnwajgx.ini
c:\windows\system32\ukdqvcnh.ini
c:\windows\system32\vbhfhkmd.ini
c:\windows\system32\vhtximql.ini
c:\windows\system32\vmavvhqn.dll
c:\windows\system32\vowkfc.dll
c:\windows\system32\wdvpbsey.ini
c:\windows\system32\wjnuphbx.ini
c:\windows\system32\wvUlklkk.dll
c:\windows\system32\ybrifjoq.ini
c:\windows\system32\ypyedujl.dll
c:\windows\system32\znrmnh.dll
c:\windows\Tasks\whsplbpv.job
c:\windows\wiaserviv.log
D:\Autorun.inf
d:\recycler\S-5-5-12-100031799-100005520-100011257-4386.com
d:\recycler\S-5-9-20-100023341-100010935-100022064-6344.com
d:\recycler\S-8-4-42-100032631-100008643-100000754-5015.com
D:\resycled
d:\resycled\ntldr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-27 16:30 . 2009-01-27 16:30 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-27 16:16 . 2009-01-27 16:16 <DIR> d-------- c:\windows\ERUNT
2009-01-27 15:39 . 2009-01-27 17:03 <DIR> d-------- C:\SDFix
2009-01-25 16:31 . 2009-01-25 16:33 <DIR> d-------- C:\rsit
2009-01-25 11:53 . 2009-01-25 11:53 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-25 11:52 . 2009-01-25 11:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 11:52 . 2009-01-25 11:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 11:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 11:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-24 00:30 . 2009-01-24 00:30 49,664 --a------ c:\windows\system32\pmnnoOiI.dll
2009-01-23 16:24 . 2009-01-23 16:24 <DIR> d-------- c:\program files\Trend Micro
2009-01-19 20:53 . 2009-01-19 20:53 2,521 --a------ c:\windows\krnl32.exe
2009-01-19 20:53 . 2009-01-25 22:47 3 --a------ c:\windows\drv32.sys
2009-01-18 16:53 . 2009-01-18 16:52 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-27 22:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-18 23:52 --------- d-----w c:\program files\Java
2009-01-15 04:18 --------- d-----w c:\program files\Soulseek
2008-12-30 01:02 --------- d-----w c:\program files\Common Files\Adobe
2004-09-08 21:27 1,771 -c-h--w c:\documents and settings\All Users\Application Data\mssaru.dat
2004-09-07 21:51 216,030 -c--a-w c:\documents and settings\Owner\Application Data\tvmknwrd.dll
2005-06-28 17:03 9,625 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SysDriver32"="c:\windows\krnl32.exe" [2009-01-19 2521]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-28 323584]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"nwiz"="nwiz.exe" [2003-12-05 c:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shortcut to CircuitCity.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-24 231704]

--- Other Services/Drivers In Memory ---

*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - FLEXnet Licensing Service
*Deregistered* - helpsvc
*Deregistered* - iPod Service
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LVPrcSrv
*Deregistered* - LVSrvLauncher
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - SymWSC
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com c:
\Shell\Open\command - c:\resycled\ntldr.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com d:
\Shell\Open\command - d:\resycled\ntldr.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6453fe-6bf4-11dd-9dc0-000ea6880ecb}]
\Shell\AutoRun\command - k:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
BHO-{15361C1A-5428-4BDA-B2C9-1F5805C05E44} - c:\windows\system32\hgGxUKeB.dll
WebBrowser-{825CF5BD-8862-4430-B771-0C15C5CA880F} - (no file)
HKCU-Run-ATI Launchpad - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-VTTimer - VTTimer.exe
Notify-jkkHBQGx - jkkHBQGx.dll


.
------- Supplementary Scan -------
.
uStart Page = www.conquerclub.com/
uInternet Settings,ProxyOverride = sas.r4.attbi.com;*.local
uInternet Settings,ProxyServer = sas.r4.attbi.com:8000
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: NameServer = 85.255.116.162,85.255.112.111
TCP: {2BE41984-B389-4D0F-A14D-C0D4D97F0C25} = 85.255.116.162,85.255.112.111
DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - hxxp://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yahg5ylf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.malwareremoval.com/forum/vie ... 31&start=0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 17:40:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\explorer.exe [1504] 0x85899A50

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxwwyrfokm.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\docume~1\Owner\LOCALS~1\Temp\tmp59876.exe
.
**************************************************************************
.
Completion time: 2009-01-27 17:46:34 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-28 00:46:21

Pre-Run: 134,468,911,104 bytes free
Post-Run: 135,100,354,560 bytes free

305 --- E O F --- 2008-11-12 05:39:02




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:05 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\krnl32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.conquerclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r4.attbi.com;*.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysDriver32] C:\WINDOWS\krnl32.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}: NameServer = 85.255.116.104,85.255.112.229
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10311 bytes




SDFix: Version 1.240
Run by Owner on Tue 01/27/2009 at 04:33 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted
C:\resycled\ntldr.com - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp1.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp10.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp11.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp16.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp17.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp18.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp19.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp1A.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp1B.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp3.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\TMP4.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\TMP69.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp6E.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\TMP7.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpD.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpE.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\tmpF.tmp - Deleted
C:\WINDOWS\system32\~.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\smdat32a.sys - Deleted



Folder C:\Documents and Settings\Owner\Application Data\gadcom - Removed
Folder C:\Program Files\GetModule - Removed
Folder C:\Program Files\iCheck - Removed
Folder C:\Program Files\VirusRemover2008 - Removed
Folder C:\resycled - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 17:03:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Owner\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:eDonkey2000 Application"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\InetCntrl\\InetCntrl.exe"="C:\\WINDOWS\\system32\\InetCntrl\\InetCntrl.exe:*:Enabled:Bsecure Internet Protection Services - Application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"="C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 3 Apr 2004 196 A.SHR --- "C:\BOOT.BAK"
Fri 23 Jan 2009 65,536 ..SHR --- "C:\RECYCLER\S-5-9-20-100023341-100010935-100022064-6344.com"
Fri 23 Jan 2009 65,536 ..SHR --- "C:\RECYCLER\S-8-4-42-100032631-100008643-100000754-5015.com"
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 28 Jun 2005 9,625 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 10 Jul 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 5 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Sat 7 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
Sat 7 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
Sat 7 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
Sat 7 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
Sat 7 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
Sat 7 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
Sat 7 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
Sat 7 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
Sat 7 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
Tue 10 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
Sat 7 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
Sat 7 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
Tue 10 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
Sat 7 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
Sat 7 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
Sat 7 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
Sat 7 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
Sat 10 Jul 2004 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Sun 11 Jun 2006 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 5 Feb 2005 400 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"

Finished!
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm

Re: HijackThis Log - Help greatly appreciated

Unread postby DFW » January 28th, 2009, 12:23 pm

Hi Revan77



Reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


I'd like you to check (a file/some files) for Viruses.

c:\windows\system32\pmnnoOiI.dll

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.



Open up Hijackthis
Click on do a system scan only.
Place a checkmark next to these lines(if still present)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [SysDriver32] C:\WINDOWS\krnl32.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - <http://download.websearch.com/Dnl/T_50188/QDow_AS2.cab>


I take it you or your Internet Provider are not based in the Ukraine, if not fix these lines as well.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.104,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BE41984-B389-4D0F-A14D-C0D4D97F0C25}: NameServer = 85.255.116.104,85.255.112.229


Then close all windows except Hijackthis and click Fix Checked


FLUSHDNS

Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)




  • Very Important!, before running Combofix again Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


    • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code: Select all
      File::
      c:\windows\krnl32.exe
      c:\windows\drv32.sys
      c:\documents and settings\Owner\Application Data\tvmknwrd.dll
      
      Folder::
      C:\ProgramFiles\LimeWire
      
      Driver::
      gaopdxserv.sys
      
      Rootkit::
      C:\WINDOWS\system32\drivers\gaopdxserv.sys 
      C:\WINDOWSsystem32\drivers\gaopdxwwyrfokm.sys
      
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "krnl32.exe"=-
      [-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
      

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


      Image


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Please post back

Combofix Log
A new Hijackthis Log
Information on Scanned file
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 28th, 2009, 7:13 pm

Hey DFW, thanks for sticking with me through this. I appreciate it. :D

ComboFix 09-01-21.04 - Owner 2009-01-28 15:49:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.664 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

FILE ::
c:\documents and settings\Owner\Application Data\tvmknwrd.dll
c:\windows\drv32.sys
c:\windows\krnl32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Owner\Application Data\tvmknwrd.dll
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\recycler\S-9-3-84-100004877-100030658-100032526-8803.com
C:\resycled
c:\resycled\ntldr.com
c:\windows\drv32.sys
c:\windows\krnl32.exe
c:\windows\system32\drivers\gaopdxppenalhd.sys
c:\windows\system32\drivers\gaopdxqekcpame.sys
c:\windows\system32\drivers\gaopdxqewhvjpf.sys
c:\windows\system32\drivers\gaopdxrmtagvsq.sys
c:\windows\system32\drivers\gaopdxuiinipvf.sys
c:\windows\system32\drivers\gaopdxwwyrfokm.sys
c:\windows\system32\gaopdxrmpfwkpb.dll
D:\Autorun.inf
d:\recycler\S-9-3-84-100004877-100030658-100032526-8803.com
D:\resycled
d:\resycled\ntldr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-27 16:30 . 2009-01-27 16:30 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-27 16:16 . 2009-01-27 16:16 <DIR> d-------- c:\windows\ERUNT
2009-01-27 15:39 . 2009-01-27 17:03 <DIR> d-------- C:\SDFix
2009-01-25 16:31 . 2009-01-25 16:33 <DIR> d-------- C:\rsit
2009-01-25 11:53 . 2009-01-25 11:53 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-25 11:52 . 2009-01-25 11:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 11:52 . 2009-01-25 11:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 11:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 11:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-24 00:30 . 2009-01-24 00:30 49,664 --a------ c:\windows\system32\pmnnoOiI.dll
2009-01-23 16:24 . 2009-01-23 16:24 <DIR> d-------- c:\program files\Trend Micro
2009-01-18 16:53 . 2009-01-18 16:52 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 07:36 --------- d-----w c:\program files\HP
2009-01-28 07:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-28 07:33 --------- d-----w c:\program files\InterActual
2009-01-28 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-18 23:52 --------- d-----w c:\program files\Java
2009-01-15 04:18 --------- d-----w c:\program files\Soulseek
2008-12-30 01:02 --------- d-----w c:\program files\Common Files\Adobe
2004-09-08 21:27 1,771 -c-h--w c:\documents and settings\All Users\Application Data\mssaru.dat
2005-06-28 17:03 9,625 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-27_17.42.46.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-28 22:54:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_390.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-28 323584]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"nwiz"="nwiz.exe" [2003-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shortcut to CircuitCity.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-24 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com c:
\Shell\Open\command - c:\resycled\ntldr.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com d:
\Shell\Open\command - d:\resycled\ntldr.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6453fe-6bf4-11dd-9dc0-000ea6880ecb}]
\Shell\AutoRun\command - k:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = http://www.conquerclub.com/
uInternet Settings,ProxyOverride = sas.r4.attbi.com;*.local
uInternet Settings,ProxyServer = sas.r4.attbi.com:8000
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yahg5ylf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.malwareremoval.com/forum/vie ... 31&start=0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 15:54:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-01-28 15:59:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 22:59:29
ComboFix2.txt 2009-01-28 00:46:42

Pre-Run: 135,557,943,296 bytes free
Post-Run: 135,543,435,264 bytes free

202 --- E O F --- 2008-11-12 05:39:02



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:14 PM, on 1/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.conquerclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r4.attbi.com;*.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9665 bytes




Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.27 -
AhnLab-V3 5.0.0.2 2009.01.26 -
AntiVir 7.9.0.60 2009.01.26 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.01.26 -
Avast 4.8.1281.0 2009.01.26 Win32:Monder-IE
AVG 8.0.0.229 2009.01.26 -
BitDefender 7.2 2009.01.27 -
CAT-QuickHeal 10.00 2009.01.27 -
ClamAV 0.94.1 2009.01.27 -
Comodo 947 2009.01.26 -
DrWeb 4.44.0.09170 2009.01.27 -
eSafe 7.0.17.0 2009.01.26 Suspicious File
eTrust-Vet 31.6.6328 2009.01.26 Win32/VundoCryptorE
F-Prot 4.4.4.56 2009.01.26 -
F-Secure 8.0.14470.0 2009.01.27 -
Fortinet 3.117.0.0 2009.01.27 -
GData 19 2009.01.27 Win32:Monder-IE
Ikarus T3.1.1.45.0 2009.01.27 -
K7AntiVirus 7.10.606 2009.01.26 -
Kaspersky 7.0.0.125 2009.01.27 Trojan.Win32.Monderb.agog
McAfee 5507 2009.01.26 Vundo.gen.y
McAfee+Artemis 5507 2009.01.26 Vundo.gen.y
Microsoft 1.4205 2009.01.27 Trojan:Win32/Vundo.IB
NOD32 3802 2009.01.27 -
Norman 5.93.01 2009.01.26 -
nProtect 2009.1.8.0 2009.01.27 -
Panda 9.5.1.2 2009.01.26 -
PCTools 4.4.2.0 2009.01.26 -
Prevx1 V2 2009.01.27 Fraudulent Security Program
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.27 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2009.01.27 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.27 -
TheHacker 6.3.1.5.229 2009.01.26 -
TrendMicro 8.700.0.1004 2009.01.27 -
VBA32 3.12.8.11 2009.01.26 -
ViRobot 2009.1.23.1577 2009.01.26 -
VirusBuster 4.5.11.0 2009.01.26 -

Additional information
File size: 49664 bytes
MD5...: f0b6d77ce5ecdb56c9561b0540608b3a
SHA1..: df9d63e8753b53015e4422037229d5032b7293b3
SHA256: e7860b7d72f41d182037004eecd74348526980d0db0bd58202fdc01a7bfecdf7
SHA512: c368438279765b1c563a692129f16434c450e888174e2d45920cd364327a042c<br>d794c5ea6456f496052bf81cfb0714ecc1f9ed2889fa547902dabb90e0c166e2<br>
ssdeep: 1536:FDPr9LP2yJQ82UQoC133Z7T+cHJunouy8nX:FDDFP2KQUQoC157T+cHJuou<br>tnX<br>
PEiD..: -
TrID..: File type identification<br>UPX compressed Win32 Executable (39.5%)<br>Win32 EXE Yoda's Crypter (34.3%)<br>Win32 Executable Generic (11.0%)<br>Win32 Dynamic Link Library (generic) (9.8%)<br>Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x100178e0<br>timedatestamp.....: 0x49264f4f (Fri Nov 21 06:03:59 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0xc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0xd000 0xc000 0xb600 7.96 2abe2735f749fc3446332e6cfd3aa100<br>.rsrc 0x19000 0x1000 0x800 3.11 71b5ec2bbd7041c220a714bb82aaaea0<br><br>( 3 imports ) <br>&gt; KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree<br>&gt; advapi32.dll: RegLoadKeyA<br>&gt; user32.dll: EqualRect<br><br>( 3 exports ) <br>ctxnh, fxuvdtqwup, gjmmaihrn<br>
Prevx info: <a href="http://info.prevx.com/aboutprogramtext.asp?PX5=6F4B585900DA9E78C26700FF76D5AB00AEDFCCF7" target="_blank">http://info.prevx.com/aboutprogramtext.asp?PX5=6F4B585900DA9E78C26700FF76D5AB00AEDFCCF7</a>
packers (F-Prot): UPX_LZMA
packers (Avast): UPX
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm

Re: HijackThis Log - Help greatly appreciated

Unread postby DFW » January 28th, 2009, 8:03 pm

Update Adobe Reader

  1. Please uninstall Adobe Reader 8.1.2 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 8.1.2 and click on Change/Remove to uninstall it.
  2. Click here to download the latest version of Adobe Acrobat Reader.
  3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.

    If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  4. Close your Internet browser and open it again.


Also while you are in add/remove programs please remove Java(TM) 6 Update 7, as you have the java(TM) 6 11 installed




  • Very Important!, before running Combofix again Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


    • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code: Select all
      File::
      c:\windows\system32\pmnnoOiI.dll
      
      

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


      Image


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Please post back

Combofix Log
A new Hijackthis Log
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 28th, 2009, 8:42 pm

ComboFix 09-01-21.04 - Owner 2009-01-28 17:35:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.634 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\pmnnoOiI.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pmnnoOiI.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2009-01-28 17:17 . 2009-01-28 17:17 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-27 16:30 . 2009-01-27 16:30 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-27 16:16 . 2009-01-27 16:16 <DIR> d-------- c:\windows\ERUNT
2009-01-27 15:39 . 2009-01-27 17:03 <DIR> d-------- C:\SDFix
2009-01-25 16:31 . 2009-01-25 16:33 <DIR> d-------- C:\rsit
2009-01-25 11:53 . 2009-01-25 11:53 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-25 11:52 . 2009-01-25 11:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 11:52 . 2009-01-25 11:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 11:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 11:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 16:24 . 2009-01-23 16:24 <DIR> d-------- c:\program files\Trend Micro
2009-01-18 16:53 . 2009-01-18 16:52 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 07:36 --------- d-----w c:\program files\HP
2009-01-28 07:35 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-28 07:33 --------- d-----w c:\program files\InterActual
2009-01-28 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-18 23:52 --------- d-----w c:\program files\Java
2009-01-15 04:18 --------- d-----w c:\program files\Soulseek
2008-12-30 01:02 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 05:17 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-11-12 05:17 348,160 ----a-w c:\windows\system32\msvcr71.dll
2004-09-08 21:27 1,771 -c-h--w c:\documents and settings\All Users\Application Data\mssaru.dat
2005-06-28 17:03 9,625 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-27_17.42.46.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 22:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2009-01-29 00:31:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_280.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-28 323584]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-05 3022848]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"nwiz"="nwiz.exe" [2003-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Shortcut to CircuitCity.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-24 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-24 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com c:
\Shell\Open\command - c:\resycled\ntldr.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com d:
\Shell\Open\command - d:\resycled\ntldr.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6453fe-6bf4-11dd-9dc0-000ea6880ecb}]
\Shell\AutoRun\command - k:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = www.conquerclub.com/
uInternet Settings,ProxyOverride = sas.r4.attbi.com;*.local
uInternet Settings,ProxyServer = sas.r4.attbi.com:8000
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yahg5ylf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.malwareremoval.com/forum/vie ... 31&start=0
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 17:38:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-28 17:40:21
ComboFix-quarantined-files.txt 2009-01-29 00:39:50
ComboFix2.txt 2009-01-28 22:59:33
ComboFix3.txt 2009-01-28 00:46:42

Pre-Run: 135,168,012,288 bytes free
Post-Run: 135,150,813,184 bytes free

167 --- E O F --- 2008-11-12 05:39:02





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:29 PM, on 1/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.conquerclub.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r4.attbi.com;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9599 bytes
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm

Re: HijackThis Log - Help greatly appreciated

Unread postby DFW » January 29th, 2009, 6:19 am

Hi Revan77

Are you still having problems with your C Drive ??.



Please download ATF Cleaner here by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.





  • Download GMER by GMER from one of the links below:
    Link1
    Link2
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then

    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: HijackThis Log - Help greatly appreciated

Unread postby Revan77 » January 29th, 2009, 7:01 pm

Hello DFW, I can now get into my C drive, so that problem seems to be fixed. Thank you

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-29 15:57:36
Windows 5.1.2600 Service Pack 3


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02462EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02462C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02462C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02462C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02C32EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02C32C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02C32C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[1880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02C32C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2576] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\gmer.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\gmer.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\gmer.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\gmer.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs F21AF400

---- EOF - GMER 1.0.14 ----




GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-29 15:58:47
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
avgrsstarter@DLLName = avgrsstx.dll
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
avg8wd@ = C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LVPrcSrv@ = c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
LVSrvLauncher@ = C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
NVSvc@ = %SystemRoot%\System32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Sunkist2kC:\Program Files\Multimedia Card Reader\shwicon2k.exe = C:\Program Files\Multimedia Card Reader\shwicon2k.exe
@RecguardC:\WINDOWS\SMINST\RECGUARD.EXE = C:\WINDOWS\SMINST\RECGUARD.EXE
@LTMSGLTMSG.exe 7 = LTMSG.exe 7
@hpsysdrvc:\windows\system\hpsysdrv.exe = c:\windows\system\hpsysdrv.exe
@ATIPTAC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /installquiet /keeploaded /nodetect = nwiz.exe /installquiet /keeploaded /nodetect
@LogitechCommunicationsManager"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
@LogitechQuickCamRibbon"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide = "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
@GrooveMonitor"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
@Acrobat Assistant 8.0"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
@Adobe_ID0EYTHMC:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE = C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
@AVG8_TRAYC:\PROGRA~1\AVG\AVG8\avgtray.exe = C:\PROGRA~1\AVG\AVG8\avgtray.exe
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\System32\hticons.dll /*file not found*/ = C:\WINDOWS\System32\hticons.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/c:\Program Files\RecordNow!\shlext.dll = c:\Program Files\RecordNow!\shlext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\System32\ShellvRTF.dll = C:\WINDOWS\System32\ShellvRTF.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll = C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/(null) =
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG8 Shell Extension*/C:\Program Files\AVG\AVG8\avgse.dll = C:\Program Files\AVG\AVG8\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG8 Find Extension*/(null) =
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
HJConvert@{303FEFF1-6ABA-11D3-90E4-0090272D53E3} = C:\Program Files\IMSI\HiJaak Image Manager Browser 1.5\ShellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
HJConvert@{303FEFF1-6ABA-11D3-90E4-0090272D53E3} = C:\Program Files\IMSI\HiJaak Image Manager Browser 1.5\ShellExt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagewww.conquerclub.com/ = http://www.conquerclub.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
grooveLocalGWS@CLSID = C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
its@CLSID = c:\WINDOWS\System32\ITSS.DLL
linkscanner@CLSID = C:\Program Files\AVG\AVG8\avgpp.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = c:\WINDOWS\System32\ITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\Owner\Start Menu\Programs\Startup = OneNote 2007 Screen Clipper and Launcher.lnk

---- EOF - GMER 1.0.14 ----
Revan77
Regular Member
 
Posts: 15
Joined: January 23rd, 2009, 7:29 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: M2Judy, pgmigg and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware