Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Total Secure 2009

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Total Secure 2009

Unread postby diablo343 » November 1st, 2008, 2:54 pm

I received the malware Total Secure 2009. I was able to get it deleted using Spybot and AdAware but I'm still having some phantom slowdowns and while using the internet I will randomly get pages opening that I didn't open. I'm on Windows XP and I am fairly fluent with computers. Here is my HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:40 PM, on 11/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Ryan\LOCALS~1\Temp\2008118131844_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Ryan\LOCALS~1\Temp\200811813187_mcinfo.exe /insfin
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9375] command /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2511] cmd /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3132] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7066] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1645] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3100] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - AppInit_DLLs: pfgxgs.dll stsffy.dll ivuoaw.dll dllbfy.dll idixdi.dll jhhoik.dll lscehf.dll vliprn.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5699 bytes
diablo343
Active Member
 
Posts: 8
Joined: November 1st, 2008, 2:46 pm
Advertisement
Register to Remove

Re: Total Secure 2009

Unread postby Odd dude » November 1st, 2008, 3:25 pm

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you with your infection. However, it is important to take note of ten things - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (Hijackthis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU must use these instructions, they are not suitable for any other computer with similar problems.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is making sure that your antivirus definitions are up-to-date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you were to do the same. From this point, we're in this together ;)
  • As I am still in training at the Malware Removal University, anything I do must be checked by an experienced malware fighter. This means there might be a slight delay in my answers.
  • Lastly, I am no magican. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

I am now analyzing your situation and hope to be back with you soon. While I am reviewing your situation, could you please do the following for me:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Total Secure 2009

Unread postby diablo343 » November 1st, 2008, 4:22 pm

When I click on Save list.... it closes the program and doesn't give me an option to save the list.
diablo343
Active Member
 
Posts: 8
Joined: November 1st, 2008, 2:46 pm

Re: Total Secure 2009

Unread postby Odd dude » November 2nd, 2008, 8:53 am

OK, then we will continue without the uninstall list. It's not required, just makes things a bit easier.

I will have instructions for you soon :)
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Total Secure 2009

Unread postby Odd dude » November 2nd, 2008, 10:01 am

Hi diablo343

Malwarebytes' Anti-Malware
I need you to download Malwarebytes' Anti-Malware.

  • Install the program by following the prompts after double-clicking on mbam-setup.exe
  • Once you approach the final installation screen, put a check next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish
  • MBAM (that's an acronym of Malwarebytes' Anti-Malware) will now start. Choose Perform full scan and click Scan
  • Get a cup of coffee/tea/hot chocolate and watch some TV for about an hour.
  • Once the scan has finished, click OK, then Show Results.
  • Put a check next to everything, then click Remove selected.
  • Now, a log will open. Save this to your desktop and post it. Do not attach it.

Fixing malicious lines in Hijackthis
You must fix some malicious entries using Hijackthis.

  • Start HijackThis
  • Click Do a system scan only
  • Put a check next to the following items. If one of them isn't present, don't worry, just proceed to the next one.
      R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
      O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O4 - HKLM\..\RunOnce: [SpybotDeletingA9375] command /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
      O4 - HKLM\..\RunOnce: [SpybotDeletingC2511] cmd /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
      O4 - HKLM\..\RunOnce: [SpybotDeletingA3132] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
      O4 - HKLM\..\RunOnce: [SpybotDeletingC7066] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
      O20 - AppInit_DLLs: pfgxgs.dll stsffy.dll ivuoaw.dll dllbfy.dll idixdi.dll jhhoik.dll lscehf.dll vliprn.dll
  • Make sure that all other open windows are closed!
  • Press Fix checked.

Reboot.

Please post back:

- Log from Malwarebytes' Anti-Malware
- New hijackthis log
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Total Secure 2009

Unread postby diablo343 » November 2nd, 2008, 2:01 pm

Malwarebytes' Anti-Malware 1.30
Database version: 1356
Windows 5.1.2600 Service Pack 3

11/2/2008 12:51:16 PM
mbam-log-2008-11-02 (12-51-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 111190
Time elapsed: 1 hour(s), 26 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 12
Registry Keys Infected: 48
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 93

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\awtrrqoo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pfgxgs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\stsffy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ivuoaw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\idixdi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jhhoik.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lscehf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vliprn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zmhxtx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gzipmod.dll (Spyware.Goldun) -> Delete on reboot.
C:\WINDOWS\system32\qoMeDSkJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sysbase32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomedskj (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b29d7145-425a-488e-b263-565c7735a81f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b29d7145-425a-488e-b263-565c7735a81f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d76a9c97-3893-4f31-93ea-db9a6f7ac2d0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b6ce058-e478-44c8-85a2-3e1c15a65f3e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09112111-c29b-415b-89ad-43330816d56a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2c28666-f7c8-4a3e-b752-d3be8a4c0dce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cfc6c1e8-c41e-40eb-8a6a-3485b8af6ee9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4aefbbb0-841e-48eb-8cbb-11fbf33e6f54} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d63a7596-e9f8-4679-8ed4-9feec9bc026e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ae6e204-bc13-43de-8ed5-e326c70e2472} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gzipmod (Spyware.Goldun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b29d7145-425a-488e-b263-565c7735a81f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d71c4af2-9e0d-4eb3-98a6-f542e6f360d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21dc40e5-67b1-4301-9440-be5d2b46e3bd} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a795d1ee-e258-491d-97fd-044d562b032e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{822ca760-70e8-4b5a-b356-9ad09f31aecc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{639f4f03-a901-4ac7-8f5a-7200949621b6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4cfc3ac6-5c4a-43e8-8066-b20c55b0b91a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01abeea5-df89-462d-a641-82d13bb82676} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f6a46966-773b-45dd-91c2-d0ddbdca613c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65c7685b-4229-4dc6-ae85-01b06204304f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wvfsrqab.bdrm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wvfsrqab.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{420959a7-1b3f-49ee-848e-6de631a39223} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TotalSecure2009 (Rogue.TotalSecure) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awtrrqoo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtrrqoo -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qoMeDSkJ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtrrqoo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ooqrrtwa.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ooqrrtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\croblyef.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\feylborc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBusRL.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LRsuBcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LRsuBcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eungwylh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlywgnue.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\grbnqrfp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfrqnbrg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gruqgsgo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogsgqurg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jciaiawt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twaiaicj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thvrllkd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkllrvht.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlJbXq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qXbJlUtv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qXbJlUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\pfgxgs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\stsffy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ivuoaw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\idixdi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jhhoik.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lscehf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vliprn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zmhxtx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gzipmod.dll (Spyware.Goldun) -> Delete on reboot.
C:\WINDOWS\system32\sysbase32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\MediaTube_ver1.1573.1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\StarCodec_ver1.5897.0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\6POZ2V8Z\CAOXW9O3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\6POZ2V8Z\CA6745AH (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\SRIFKNU9\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\SRIFKNU9\4l1gd[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\SRIFKNU9\CAMJWDY3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\SRIFKNU9\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\YFWR2NSP\CAY7LL3O (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\YFWR2NSP\CABN23TU (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\mr.exe (Backdoor.Haxdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\pwrmgr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\BIT1FC.tmp (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\514ZZGFS\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\9W8FHT4W\TotalSecure2009[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\9W8FHT4W\CACTUBW5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\AT8B6DIT\kb20010911[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\AT8B6DIT\4l1gd[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temporary Internet Files\Content.IE5\GXYF4HEB\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP256\A0112163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112202.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP257\A0112213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP260\A0113444.exe (Rogue.TotalSecure) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP260\A0113445.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP265\A0115989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP267\A0116966.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2C0F1277-76C0-4186-A509-CE72E8DD0095}\RP267\A0116967.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\wfexqnrp.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\enxa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fiovwdqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tduuosut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyxvuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iofftoud.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tngxstyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jqnweoce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sohbwiny.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qedwudce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twhbefhw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udhywtgi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\k86.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbagz.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\emnvoqgx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wvfsrqab.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rsdgbtkqxve.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Application Data\Adobe\Player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\s1402.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\MediaCodec_Part1.5007.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan\Local Settings\Temp\MediaCodec_Part1.6601.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:38 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {420959A7-1B3F-49EE-848E-6DE631A39223} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A7BF3E00-225A-4D77-A556-872B792D9565} - (no file)
O2 - BHO: (no name) - {BCD7ACE9-6AA6-4161-A630-66D2A8DDA8C3} - (no file)
O2 - BHO: (no name) - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - (no file)
O2 - BHO: (no name) - {DE9942F3-716A-4970-82A4-6A35CDE1A1A6} - (no file)
O2 - BHO: (no name) - {ED2AB80A-3A44-4999-A7A6-2239947EA6E8} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Ryan\LOCALS~1\Temp\2008118131844_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Ryan\LOCALS~1\Temp\200811813187_mcinfo.exe /insfin
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9375] command /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2511] cmd /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3132] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7066] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1645] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3100] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O20 - Winlogon Notify: qoMeDSkJ - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6438 bytes
diablo343
Active Member
 
Posts: 8
Joined: November 1st, 2008, 2:46 pm

Re: Total Secure 2009

Unread postby Odd dude » November 3rd, 2008, 8:18 am

Hi again :)

You have TeaTimer running
This is good as TeaTimer protects you from many malicious changes to your registry. However, TeaTimer is a computer program, which has no way of distinguishing between good or malicious intentions; this means it might hinder the modifications I need to make to your system.

This means that TeaTimer will need to be disabled until you have been cleaned of malware.

  1. Right-click on the Tea Timer icon in your system tray. It looks like this: Image
  2. If you have the new version 1.5: click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System tray should now be now colourless.
  3. If you have Version 1.4, Click on Exit Spybot S&D Resident

This is not enough, there is a second step attached:

  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left and click Tools
  • Now, also in left panel, click Resident - the pictogram shows a red/white shield.
  • In the Resident protection status frame, uncheck the box labelled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

When I give you the all-clear post, remember to reenable it!

You are not running antivirus software!
Every single file you download is a potential threat to your system. Every single file can contain malware. To be protected from this, you need good antivirus software.
Antivirus software does not only cure infections. More importantly, it removes infectors (= things that infect you) before you are infected. This means you won't need to be cured from viruses, instead, they won't get in in the first place.

I noticed you are not running antivirus software. This is very bad!

I want you to download and install one free antivirus program NOW! If you can't choose any, or don't know where to look, you can pick one of these:
Avira Antivir
Avast


Next, could you please inform me whether Windows Firewall is turned on? If not, turn it on please (if you need help with this I'll provide instructions for you).

Open hijackthis, put a check next to these lines and click Fix checked:

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {420959A7-1B3F-49EE-848E-6DE631A39223} - (no file)
    O2 - BHO: (no name) - {A7BF3E00-225A-4D77-A556-872B792D9565} - (no file)
    O2 - BHO: (no name) - {BCD7ACE9-6AA6-4161-A630-66D2A8DDA8C3} - (no file)
    O2 - BHO: (no name) - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - (no file)
    O2 - BHO: (no name) - {DE9942F3-716A-4970-82A4-6A35CDE1A1A6} - (no file)
    O2 - BHO: (no name) - {ED2AB80A-3A44-4999-A7A6-2239947EA6E8} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Ryan\LOCALS~1\Temp\2008118131844_mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Ryan\LOCALS~1\Temp\200811813187_mcinfo.exe /insfin
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9375] command /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2511] cmd /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3132] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7066] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
    O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1645] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3100] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O20 - Winlogon Notify: qoMeDSkJ - C:\WINDOWS\

Reboot.

Deleting a bad folder

Double-click My Computer on your desktop. Please then delete the following folder:

    C:\Program Files\TS-2009

ATF-Cleaner
Download ATF-Cleaner by Atribune to your desktop.
Start the program and place a check next to the following items:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Java Cache
  • Recycle Bin
Now click Empty Selected and click OK.

If you use FireFox, click the FireFox tab and place a check Select All. Click Empty Selected and answer No at the prompt.
If you use Opera, click the Opera tab and place a check Select All. Click Empty Selected and answer No at the prompt.

RSIT
Please download random/random's system information tool (RSIT) and run it. Click Continue at the disclaimer screen and let it run. It will produce two logs:

  • log.txt (will be maximized)
  • info.txt (will be minimized)

Please post both in your next reply. If they won't fit into one post, divide them over multiple posts :)

Post back:
- confirm Windows firewall is running
- RSIT logs
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Total Secure 2009

Unread postby diablo343 » November 3rd, 2008, 11:31 am

Yes, I do have Windows Firewall running, I also have a wireless router which I've been told is the same as having a firewall.

info.txt logfile of random's system information tool 1.04 2008-11-03 10:29:21

======Uninstall list======

-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu"
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->MsiExec /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 5.0 PowerPack-->MsiExec.exe /I{5058B085-AA79-41E5-A726-681B4C4B846E}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.07.24-->MsiExec.exe /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitPim 1.0.5-->"C:\Program Files\BitPim\unins000.exe"
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Curse Client-->C:\Program Files\Curse\uninstall.exe
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Dell Mobile Broadband Card Utility-->MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Inspector Parker-->C:\PROGRA~1\YAHOO!~1\INSPEC~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\INSPEC~1\INSTALL.LOG
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Last.fm 1.5.1.30182-->"C:\Program Files\Last.fm\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mouse Suite for Laptop Computers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}\Setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.16)-->F:\FirefoxPortable\App\firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
myJAL Apollo Edition-->MsiExec.exe /I{AF828FFA-6824-4A89-8ECB-5AC275FF8C6E}
MyRate from Progressive Insurance-->MsiExec.exe /I{8DE3A849-D34F-42B0-834F-1C22AAACD0AE}
OpenDNS Updater 1.3-->"C:\Program Files\OpenDNS Updater\Uninstall.exe"
Peggle (remove only)-->C:\Program Files\Peggle\Uninstall.exe
Photo Viewer-->MsiExec.exe /X{48A34EA8-695B-48BE-B900-C0C44D5D518A}
PHP 4.3.3-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88C023FB-E7F6-4415-ACEF-82372B8A05A8}\Setup.exe"
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Slingo Quest (remove only)-->"C:\Program Files\Slingo Quest\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Price is Right (remove only)-->"C:\Program Files\Yahoo! Games\The Price is Right\Uninstall.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Weather Pulse 2.10 build 5-->"C:\Program Files\Weather Pulse\unins000.exe"
Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0-->C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Women's Murder Club - Death in Scarlet (remove only)-->"C:\Documents and Settings\Andrea\Desktop\work\Women's Murder Club - Death in Scarlet\Uninstall.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Worms World Party-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{FA362C5C-A5D2-470F-A2CC-F13546919D36}\setup.exe -runfromtemp -l0x0409

=====HijackThis Backups=====

O20 - AppInit_DLLs: pfgxgs.dll stsffy.dll ivuoaw.dll dllbfy.dll idixdi.dll jhhoik.dll lscehf.dll vliprn.dll zmhxtx.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O4 - HKLM\..\RunOnce: [SpybotDeletingA9375] command /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O4 - HKLM\..\RunOnce: [SpybotDeletingC7066] cmd /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O4 - HKLM\..\RunOnce: [SpybotDeletingC2511] cmd /c del "C:\WINDOWS\system32\mlJApPjJ.dll_old"
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\RunOnce: [SpybotDeletingA3132] command /c del "C:\WINDOWS\system32\ddcCuVmJ.dll_old"
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {420959A7-1B3F-49EE-848E-6DE631A39223} - (no file)
O2 - BHO: (no name) - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O2 - BHO: (no name) - {BCD7ACE9-6AA6-4161-A630-66D2A8DDA8C3} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Ryan\LOCALS~1\Temp\200811813187_mcinfo.exe /insfin
O2 - BHO: (no name) - {DE9942F3-716A-4970-82A4-6A35CDE1A1A6} - (no file)
O2 - BHO: (no name) - {A7BF3E00-225A-4D77-A556-872B792D9565} - (no file)
O2 - BHO: (no name) - {ED2AB80A-3A44-4999-A7A6-2239947EA6E8} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Ryan\LOCALS~1\Temp\2008118131844_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O20 - Winlogon Notify: qoMeDSkJ - C:\WINDOWS\

======Security center information======

AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ryan at 2008-11-03 10:29:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 26 GB (46%) free of 57 GB
Total RAM: 1015 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:18 AM, on 11/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\Desktop\New Folder\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5518 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1217901634.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-06 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-06 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-06 118784]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"OpenDNS Update"=C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe [2008-10-16 281088]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\s24trans.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\s24trans.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Documents and Settings\Ryan\Desktop\New Folder\MiniRacingOnline\MiniRacingOnline\MiniRacingOnLine.exe"="C:\Documents and Settings\Ryan\Desktop\New Folder\MiniRacingOnline\MiniRacingOnline\MiniRacingOnLine.exe:*:Enabled:MiniRacingOnLine"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\GameHouse\Wheel of Fortune\Wheel of Fortune.exe"="C:\Program Files\GameHouse\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe"="C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe:*:Enabled:Inspector Parker Game Executable"
"C:\Program Files\GameHouse\PileUp\PileUp.exe"="C:\Program Files\GameHouse\PileUp\PileUp.exe:*:Disabled:Super PileUp!"
"C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe"="C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft"
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe"="C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh"
"C:\WINDOWS\system32\3DSolar.scr"="C:\WINDOWS\system32\3DSolar.scr:*:Enabled:3D Solar System (OpenGL Screen Saver)"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a02f9a6-cb05-11dc-8994-0015c56ac0c6}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-08 13:26:17 ----D---- C:\Program Files\iPod
2008-11-03 10:29:12 ----D---- C:\rsit
2008-11-03 10:16:52 ----D---- C:\Program Files\Avira
2008-11-03 10:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-11-02 11:23:04 ----D---- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
2008-11-02 11:22:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-02 11:22:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-01 13:41:00 ----SH---- C:\WINDOWS\system32\djnevqys.ini
2008-10-31 12:08:53 ----SH---- C:\WINDOWS\system32\cdnecrxa.ini
2008-10-30 16:33:35 ----ASH---- C:\WINDOWS\system32\JmVuCcdd.ini2
2008-10-30 16:33:34 ----ASH---- C:\WINDOWS\system32\JmVuCcdd.ini
2008-10-30 12:07:22 ----SH---- C:\WINDOWS\system32\rbrwjugn.ini
2008-10-30 12:07:12 ----A---- C:\WINDOWS\system32\nitcjakg.dll
2008-10-30 10:14:05 ----A---- C:\WINDOWS\Slingo Supreme Uninstall Log.txt
2008-10-30 10:09:49 ----SHD---- C:\Config.Msi
2008-10-29 17:52:43 ----ASH---- C:\WINDOWS\system32\JjPpAJlm.ini2
2008-10-29 17:52:42 ----ASH---- C:\WINDOWS\system32\JjPpAJlm.ini
2008-10-28 23:38:44 ----D---- C:\Program Files\SpywareBlaster
2008-10-28 23:22:37 ----D---- C:\Program Files\Trend Micro
2008-10-28 20:03:14 ----ASH---- C:\WINDOWS\system32\lVxGNqss.ini2
2008-10-28 12:17:44 ----A---- C:\WINDOWS\system32\ef3de062-.txt
2008-10-28 12:01:37 ----A---- C:\update.exe
2008-10-25 11:48:28 ----D---- C:\Team17
2008-10-25 08:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 08:13:22 ----D---- C:\Program Files\Curse
2008-10-16 08:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 08:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 08:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 08:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 08:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 07:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-14 11:59:39 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-04 19:00:47 ----A---- C:\ASLog.txt

======List of files/folders modified in the last 1 months======

2008-11-08 22:01:01 ----SD---- C:\WINDOWS\Tasks
2008-11-08 13:26:42 ----D---- C:\Program Files\iTunes
2008-11-08 13:24:42 ----D---- C:\Program Files\QuickTime
2008-11-08 13:21:46 ----A---- C:\WINDOWS\win.ini
2008-11-08 13:21:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-08 13:18:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-11-03 10:29:09 ----D---- C:\WINDOWS\Prefetch
2008-11-03 10:28:25 ----D---- C:\WINDOWS\system32
2008-11-03 10:28:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 10:27:03 ----D---- C:\WINDOWS\Temp
2008-11-03 10:25:40 ----D---- C:\Program Files\Mozilla Firefox
2008-11-03 10:24:16 ----D---- C:\WINDOWS
2008-11-03 10:23:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-03 10:21:11 ----D---- C:\WINDOWS\system32\drivers
2008-11-03 10:20:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-03 10:16:52 ----RD---- C:\Program Files
2008-11-03 10:03:48 ----D---- C:\Program Files\Weather Pulse
2008-10-31 08:17:29 ----A---- C:\WINDOWS\wininit.ini
2008-10-30 10:18:24 ----D---- C:\Program Files\EA GAMES
2008-10-30 10:17:03 ----SHD---- C:\WINDOWS\Installer
2008-10-30 10:16:28 ----D---- C:\Program Files\Lionhead Studios Ltd
2008-10-30 10:15:56 ----D---- C:\Documents and Settings\Ryan\Application Data\Lionhead Studios
2008-10-30 10:15:20 ----D---- C:\Program Files\Starcraft
2008-10-30 10:13:59 ----D---- C:\Program Files\GameHouse
2008-10-30 10:13:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-30 10:11:36 ----D---- C:\Fraps
2008-10-30 10:11:29 ----D---- C:\Program Files\Yahoo! Games
2008-10-30 10:11:29 ----D---- C:\Documents and Settings\Ryan\Application Data\PlayFirst
2008-10-30 10:11:05 ----D---- C:\Program Files\Diablo II
2008-10-29 09:01:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 08:56:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-28 23:43:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-28 23:04:45 ----D---- C:\WINDOWS\system32\config
2008-10-28 23:04:22 ----D---- C:\WINDOWS\system32\wbem
2008-10-28 23:04:21 ----D---- C:\WINDOWS\Registration
2008-10-28 23:03:27 ----D---- C:\WINDOWS\system32\Restore
2008-10-28 12:03:37 ----D---- C:\Documents and Settings\Ryan\Application Data\Adobe
2008-10-27 23:27:46 ----A---- C:\WINDOWS\EurekaLog.ini
2008-10-27 23:06:17 ----D---- C:\Program Files\World of Warcraft
2008-10-25 09:41:18 ----D---- C:\Program Files\OpenDNS Updater
2008-10-25 08:16:41 ----HD---- C:\WINDOWS\inf
2008-10-25 08:16:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 08:15:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 23:00:09 ----D---- C:\Documents and Settings\Ryan\Application Data\Apple Computer
2008-10-21 22:54:28 ----SD---- C:\Documents and Settings\Ryan\Application Data\Microsoft
2008-10-16 08:12:23 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 19:29:27 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-04 19:29:26 ----D---- C:\WINDOWS\Help
2008-10-04 19:29:25 ----D---- C:\WINDOWS\WinSxS
2008-10-04 18:48:34 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-06 1168860]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-03-27 74752]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2005-06-28 113664]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 P2k;Motorola iDEN P2k Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-03-19 38912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2004-08-10 20092]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2004-08-10 41664]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-28 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]

-----------------EOF-----------------
diablo343
Active Member
 
Posts: 8
Joined: November 1st, 2008, 2:46 pm

Re: Total Secure 2009

Unread postby Odd dude » November 3rd, 2008, 3:46 pm

Yes, I do have Windows Firewall running, I also have a wireless router which I've been told is the same as having a firewall.

:thumbright:

You should uninstall Java update 3, it's outdated. Be sure to keep update 7!
To uninstall it: click Start :arrow: Control Panel :arrow: Add/Remove Programs :arrow: select Java(TM) 6 Update 3 :arrow: Remove

Update your Adobe Reader
Your version of Adobe Reader is old and may contain security leaks. Please first remove the older version, then download and install the newest version from here.

Kaspersky Online Scan
Please click HERE to be taken to the Kaspersky site.

  • The site will present you with a list of important items. Read those. If you're unsure about something, stop and ask! If you're sure everything is all right, close all other windows.
  • Now, click Accept.
  • It will start a download rougly 10 MB in size. If prompted by your firewall to allow internet access, allow.
  • Once the download has finished, click Next.
  • Under Please select a target to scan, choose My Computer
  • Get a cup of coffee and watch some TV. Do not use your computer! If you're on dial-up, you can now terminate the internet connection if you wish.
  • Once finished, you will be presented with the results. Click Save as text and save the log to your desktop.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Total Secure 2009

Unread postby diablo343 » November 4th, 2008, 1:09 am

Do not use your computer!

Oh man, I've got a level 68 Paladin that I need to get to 70 before next Tuesday. I guess I can stop playing for a little while. lol

Also you didn't say anything about posting the Kaspersky results. I'll just assume you want me to.
diablo343
Active Member
 
Posts: 8
Joined: November 1st, 2008, 2:46 pm

Re: Total Secure 2009

Unread postby diablo343 » November 4th, 2008, 8:45 am

Kaspersky Results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 04, 2008 03:42:09
Records in database: 1369340
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 58974
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:24:01


File name / Threat name / Threats count
C:\update.exe Infected: Trojan-Downloader.Win32.Agent.alku 1

The selected area was scanned.
diablo343
Active Member
 
Posts: 8
Joined: November 1st, 2008, 2:46 pm

Re: Total Secure 2009

Unread postby Odd dude » November 5th, 2008, 2:26 am

Hi again!

The logs are looking good, there are only a few we need to clean up.

First of all.... I'm terribly sorry but I gave you the wrong link to the Adobe update page.... if you already installed the version 8 I linked to, please uninstall it and go to http://www.adobe.com/products/acrobat/readstep2.html to download version 9... again, I am REALLY sorry for this, completely my fault.

Show hidden files and folders
We need to slightly adjust your settings.

  • Open the Control Panel (Start :arrow: Control Panel)
  • Double-click Folder Settings
  • On the View tab, uncheck Hide protected system files (recommended). A warning will show, just click Yes.
  • Check Show the contents of system directories
  • Uncheck Hide extensions for known file types
  • Scroll down and choose Show hidden files and folders
  • Press OK to save changes.

Now double click My Computer and double click Local Disk (C).
This file - C:\update.exe - needs to be deleted from there.

Double click Windows and System32. Then please delete these files:
C:\WINDOWS\system32\djnevqys.ini
C:\WINDOWS\system32\cdnecrxa.ini
C:\WINDOWS\system32\JmVuCcdd.ini2
C:\WINDOWS\system32\JmVuCcdd.ini
C:\WINDOWS\system32\rbrwjugn.ini
C:\WINDOWS\system32\nitcjakg.dll
C:\WINDOWS\system32\lVxGNqss.ini2
C:\WINDOWS\system32\ef3de062-.txt


Empty recycle bin (right click it and choose Empty)

One more little issue we need to take care of... your firewall.

A wireless network's firewall is very good. But here's the thing - both this kind of firewall and the Windows XP Firewall only block incoming connections. This means that once malware gets in, it is free to 'phone home' or send data it may have collected to its makers.

Therefore, I suggest that you install a software firewall. Two excellent free for personal use products can be found here:
Comodo Personal Firewall
Online Armor Free

Please inform me how the computer is running and post a new RSIT log. Thanks :)
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Total Secure 2009

Unread postby diablo343 » November 5th, 2008, 10:06 am

My computer has been running fine for a while now. I haven't noticed any major slowdowns or programs opening since around the time if your second post.
Heres the new RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ryan at 2008-11-05 09:03:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (44%) free of 57 GB
Total RAM: 1015 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:10 AM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\Desktop\New Folder\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6339 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1217901634.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-06 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-06 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-06 118784]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-06-09 47104]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"OpenDNS Update"=C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe [2008-10-16 281088]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-05 1655552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\s24trans.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\s24trans.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Documents and Settings\Ryan\Desktop\New Folder\MiniRacingOnline\MiniRacingOnline\MiniRacingOnLine.exe"="C:\Documents and Settings\Ryan\Desktop\New Folder\MiniRacingOnline\MiniRacingOnline\MiniRacingOnLine.exe:*:Enabled:MiniRacingOnLine"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\GameHouse\Wheel of Fortune\Wheel of Fortune.exe"="C:\Program Files\GameHouse\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe"="C:\Program Files\Yahoo! Games\Inspector Parker\Parker.exe:*:Enabled:Inspector Parker Game Executable"
"C:\Program Files\GameHouse\PileUp\PileUp.exe"="C:\Program Files\GameHouse\PileUp\PileUp.exe:*:Disabled:Super PileUp!"
"C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe"="C:\Program Files\Sony Pictures Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft"
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe"="C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh"
"C:\WINDOWS\system32\3DSolar.scr"="C:\WINDOWS\system32\3DSolar.scr:*:Enabled:3D Solar System (OpenGL Screen Saver)"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27fd0e8a-9146-11dc-9ad1-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a02f9a6-cb05-11dc-8994-0015c56ac0c6}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-05 08:57:42 ----D---- C:\Documents and Settings\Ryan\Application Data\Comodo
2008-11-05 08:57:37 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-11-05 08:57:37 ----A---- C:\WINDOWS\system32\guard32.dll
2008-11-05 08:57:36 ----D---- C:\Program Files\COMODO
2008-11-05 00:03:40 ----D---- C:\Program Files\Apple Software Update
2008-11-05 00:02:15 ----D---- C:\Program Files\iPod
2008-11-05 00:02:12 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-05 00:00:53 ----D---- C:\Program Files\Bonjour
2008-11-04 23:59:55 ----D---- C:\Program Files\QuickTime
2008-11-04 23:59:11 ----SHD---- C:\Config.Msi
2008-11-04 00:04:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-03 10:29:12 ----D---- C:\rsit
2008-11-03 10:16:52 ----D---- C:\Program Files\Avira
2008-11-03 10:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-11-02 11:23:04 ----D---- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
2008-11-02 11:22:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-02 11:22:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 10:14:05 ----A---- C:\WINDOWS\Slingo Supreme Uninstall Log.txt
2008-10-29 17:52:43 ----ASH---- C:\WINDOWS\system32\JjPpAJlm.ini2
2008-10-29 17:52:42 ----ASH---- C:\WINDOWS\system32\JjPpAJlm.ini
2008-10-28 23:38:44 ----D---- C:\Program Files\SpywareBlaster
2008-10-28 23:22:37 ----D---- C:\Program Files\Trend Micro
2008-10-25 11:48:28 ----D---- C:\Team17
2008-10-25 08:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 08:13:22 ----D---- C:\Program Files\Curse
2008-10-16 08:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 08:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 08:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 08:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 08:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 07:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-14 11:59:39 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

======List of files/folders modified in the last 1 months======

2008-11-08 13:21:46 ----A---- C:\WINDOWS\win.ini
2008-11-08 13:21:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-08 13:18:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-11-05 09:03:47 ----D---- C:\WINDOWS\Prefetch
2008-11-05 09:03:46 ----D---- C:\WINDOWS\system32
2008-11-05 09:03:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-05 09:01:14 ----D---- C:\Program Files\Mozilla Firefox
2008-11-05 09:00:05 ----D---- C:\WINDOWS\Temp
2008-11-05 08:59:41 ----D---- C:\WINDOWS
2008-11-05 08:58:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-05 08:57:37 ----D---- C:\WINDOWS\system32\drivers
2008-11-05 08:57:36 ----RD---- C:\Program Files
2008-11-05 08:45:37 ----SHD---- C:\WINDOWS\Installer
2008-11-05 08:45:37 ----D---- C:\WINDOWS\WinSxS
2008-11-05 08:45:16 ----D---- C:\Program Files\Adobe
2008-11-05 08:45:07 ----D---- C:\Program Files\Common Files\Adobe
2008-11-05 00:03:43 ----SD---- C:\WINDOWS\Tasks
2008-11-05 00:02:47 ----HD---- C:\WINDOWS\inf
2008-11-05 00:02:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-05 00:02:45 ----D---- C:\Program Files\iTunes
2008-11-05 00:00:00 ----D---- C:\Program Files\Common Files\Apple
2008-11-04 23:57:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-04 09:10:42 ----D---- C:\Program Files\World of Warcraft
2008-11-03 23:57:57 ----D---- C:\Program Files\Java
2008-11-03 10:03:48 ----D---- C:\Program Files\Weather Pulse
2008-11-02 12:51:15 ----D---- C:\Documents and Settings\Ryan\Application Data\Adobe
2008-10-31 08:17:29 ----A---- C:\WINDOWS\wininit.ini
2008-10-30 10:18:24 ----D---- C:\Program Files\EA GAMES
2008-10-30 10:16:28 ----D---- C:\Program Files\Lionhead Studios Ltd
2008-10-30 10:15:56 ----D---- C:\Documents and Settings\Ryan\Application Data\Lionhead Studios
2008-10-30 10:15:20 ----D---- C:\Program Files\Starcraft
2008-10-30 10:13:59 ----D---- C:\Program Files\GameHouse
2008-10-30 10:13:36 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-30 10:11:36 ----D---- C:\Fraps
2008-10-30 10:11:29 ----D---- C:\Program Files\Yahoo! Games
2008-10-30 10:11:29 ----D---- C:\Documents and Settings\Ryan\Application Data\PlayFirst
2008-10-30 10:11:05 ----D---- C:\Program Files\Diablo II
2008-10-29 09:01:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 08:56:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-28 23:43:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-28 23:04:45 ----D---- C:\WINDOWS\system32\config
2008-10-28 23:04:22 ----D---- C:\WINDOWS\system32\wbem
2008-10-28 23:04:21 ----D---- C:\WINDOWS\Registration
2008-10-28 23:03:27 ----D---- C:\WINDOWS\system32\Restore
2008-10-27 23:27:46 ----A---- C:\WINDOWS\EurekaLog.ini
2008-10-25 09:41:18 ----D---- C:\Program Files\OpenDNS Updater
2008-10-25 08:16:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 08:15:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 23:00:09 ----D---- C:\Documents and Settings\Ryan\Application Data\Apple Computer
2008-10-21 22:54:28 ----SD---- C:\Documents and Settings\Ryan\Application Data\Microsoft
2008-10-16 08:12:23 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-11-05 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-11-05 24208]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-06 1168860]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-03-27 74752]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2005-06-28 113664]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 P2k;Motorola iDEN P2k Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-03-19 38912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2004-08-10 20092]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2004-08-10 41664]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-28 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-11-05 519936]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]

-----------------EOF-----------------
diablo343
Active Member
 
Posts: 8
Joined: November 1st, 2008, 2:46 pm

Re: Total Secure 2009

Unread postby Odd dude » November 5th, 2008, 11:29 am

Hi diablo343

Delete some bad files
Please delete these files like you did before:

C:\WINDOWS\system32\JjPpAJlm.ini
C:\WINDOWS\system32\JjPpAJlm.ini2

Rehide hidden files and folders
Now let's reverse the changes we made.

  • Open the Control Panel (Start :arrow: Control Panel)
  • Double-click Folder Settings
  • On the View tab, check Hide protected system files (recommended). A warning will show, just click Yes.
  • Uncheck Show the contents of system directories
  • Check Hide extensions for known file types
  • Scroll down and choose Do not show hidden files and folders
  • Press OK to save changes.

Purge System Restore
We've now arrived at the stage where we can clean the System Restore points. Malware can easily hide itself in System Restore points. This is BAD. While inside the restore point, it is completely harmless. But once you restore from that restore point, the malware will spread again.
To purge System Restore, please do the following:
  • First, launch System Restore (Start :arrow: All Programs :arrow: Accessories :arrow: System Tools :arrow: System Restore).
  • Choose the second option: Create a restore point. Name it something like All Clean.

    Now, for the actual purging:

  • Click Start :arrow: All Programs :arrow: Accessories :arrow: Disk Cleaner.
  • Wait for the program to load... this will take a few seconds.
  • Click the More Options tab, and click the Cleanup button under the System Restore heading. Click Yes if you're prompted whether you're sure.

  • Don't close the program yet.


Clean up some more leftovers
  • Get back to the previous tab. Tick the following items:
    • Temporary Internet Files
    • Offline Web Pages
    • Recycle Bin
    • Temporary Files
    • WebClient/Publisher temporary files
  • Click OK. If you're asked whether you're sure, click Yes.


Congratulations!
:occasion6: :occasion6: :occasion6: :occasion6: :occasion6: :occasion6:

As far as I can tell, you are CLEAN!


:wav:


Have a big cup of :coffee: , give yourself a well-earned hug, and now please follow a few of the following tips; they will dramatically reduce your chance of getting infected again.


  • Turn on Automatic Updates if you have not done so. It is MANDATORY to keep your Windows updated, otherwise you are vulnerable to exploits! To turn on Automatic Updates: click Start :arrow: Control Panel :arrow: Security Centre :arrow: Automatic Updates.

Below are optional items. It's highly recommended to read them through, but decide for yourself how many of these recommendations (if any) you follow.

  • Run a regular scan with Malwarebytes' Anti-Malware - it's a great program which will neatly clean up a lot of malware.

  • Install WinPatrol from here. Instructions for use are here.

  • Install SpywareBlaster to protect you from bad sites. Download - How to use it

  • Install a custom hosts file. Let's say I have a directory of 640kb's worth of bad sites. Let's say I can make sure you will never be able to access those sites, so you will never get any infection from those sites. It's like blocking a site - without site blocking tools. How would you like to never be able to visit (a lot, but not all of the) malware-infected sites again? Well, now you can!
    First, we must disable a service, as Windows cannot work with a very large hosts file while that service is active. This will not affect anything else.
    The disabling routine:
    1. Click Start, then Run
    2. Copy and paste the following:
      Code: Select all
      sc config dnscache start= disabled
    3. Click OK.
    Next, you can download the custom hosts file from here. Installation instructions can be found there as well.

  • Install KeyScrambler. Keyloggers are the third biggest threats in the world of malware - next to backdoors & rootkits. KeyScrambler is an add-on that integrates with your browser and protects you from keyloggers; meaning safe online gaming, and safe online banking. There is also a paid version, which protects e-mail programs and Word, and a more expensive paid version that protects even more items! Download it from here. I recommend you to not use the IE version, as in the past this had caused crashes with IE 7+; yet it worked fine on IE 6. Though they could have fixed it by now.

Please note: you must NOT rely on programs like KeyScrambler for your protection. The program can protect against many types of keylogging software but no security program is 100% reliable and new malware is created every day. If you suspect your machine is infected with a keylogger you should immediately change all your passwords from a known clean machine and seek assistance with removing the malware.

Please reply to this thread once more so we know it can be archived

Happy surfing!! :)
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Total Secure 2009

Unread postby Odd dude » November 7th, 2008, 3:00 pm

diablo343, are you still there?

Please reply to this thread once more so we know it can be archived
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 301 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware