Malware Removal Help!

Post by LukeB5301 » December 17th, 2008, 11:44 pm

Computer's been acting slow lately and now it's just going whack. Always opening new windows about how my computer is infected and all that BS. It's also been screwing with other websites, mostly Facebook: it will make the page not load or load incorrectly, always logging me out, etc... I'm somewhat good with computers, just not this part :)

I've been able to figure out my problem is obviously this:
O4 - HKLM\..\Run: [CPM478b6033] Rundll32.exe "c:\windows\system32\vojateda.dll",a
O4 - HKLM\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s

And of course I've tried removing it from startup in msconfig and deleting it from regedit, but of course they just keep coming back :) Well anyways, here's my HijackThis log. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:46 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ff6f1fdb-0f89-45e3-b434-bb221d669fa3} - C:\WINDOWS\system32\hehujoji.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM478b6033] Rundll32.exe "c:\windows\system32\vojateda.dll",a
O4 - HKLM\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{917C3484-992D-456E-AE98-CE377445B456}: NameServer = 192.168.5.1,192.168.5.2
O20 - AppInit_DLLs: c:\windows\system32\vojateda.dll,C:\WINDOWS\system32\yozuzejo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vojateda.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vojateda.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7542 bytes

RSIT Logs:

info.txt logfile of random's system information tool 1.05 2008-12-18 15:43:53

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7C06F60-C1A0-4D8C-85BA-15A18B93AA13}\setup.exe" -l0x9 -uninst -f"C:\Program Files\Scholastic's Clifford\Clifford Musical Memory Games\Uninst.isu" -c"C:\Program Files\Scholastic's Clifford\Clifford Musical Memory Games\_UnInstall.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Moons-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BD67531-A957-4592-9743-A2761BB4AC28}\setup.exe" -l0x9 -removeonly
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
ArcSoft PhotoStudio 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
Arthur's 1st Grade-->C:\Program Files\The Learning Company\Arthur's 1st Grade\uninstall.exe
Arthur's Math Games-->C:\Program Files\Creative Wonders\Arthur's Math Games\uninstal.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{22C97984-6A68-4140-872E-B2F5123A7387}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Babylon-->C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Barbie(TM) as Rapunzel-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\RapunzelUn.exe
Barbie(TM) Fashion Show(TM) CD-ROM-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\FashionUn.exe
Barbie(TM) of Swan Lake-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\SwanLakeUn.exe
BitComet 0.94-->C:\Program Files\BitComet\uninst.exe
Bodog Poker Version 2.13.1.13-->"C:\Program Files\Bodog Poker\unins000.exe"
Canon S200-->C:\WINDOWS\system32\CNMCP3W.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
Carrie the Caregiver(TM)-->C:\PROGRA~1\SHOCKW~1.COM\CARRIE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CARRIE~1\INSTALL.LOG
Clifford Musical Memory Games-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7C06F60-C1A0-4D8C-85BA-15A18B93AA13}\setup.exe" -l0x9
Clifford Reading-->C:\WINDOWS\system32\Clifford Uninstall.exe C:\Program Files\Scholastic's Clifford\Clifford Reading\
Creating Keepsakes Scrapbook Designer-->MsiExec.exe /I{7E370E0D-004C-4DC8-9986-A43F8C79404E}
Creative Memories StoryBook Creator 2.0-->MsiExec.exe /I{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dreamship Tales-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Full Tilt Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Hello Kitty Dream Carnival-->MsiExec.exe /I{900B84AB-6A80-49EE-B236-67F211190597}
HelloKitty (remove only)-->"C:\Program Files\ValuSoft\HelloKitty\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.5.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lets Ride Corral Club-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}
LimeWire 4.12.11-->"C:\Program Files\LimeWire\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Motorola Driver Installation-->MsiExec.exe /I{3EE117D4-CD47-4985-B507-BEA2DACC43BD}
Motorola Driver Installation-->MsiExec.exe /I{8F4507EF-C5F3-46CE-9718-9D3698821333}
Mozilla Firefox (2.0.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
My Fantasy Wedding-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3AC8DD1-A754-46D6-A777-6155D627D196}\Setup.exe" -l0x9
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nancy Drew: The Haunted Carousel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\The Haunted Carousel\Setup.exe" -l0x9
Nero 8-->MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f"C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu"
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Operation-->C:\WINDOWS\uninst.exe -fc:\PROGRA~1\DeIsL1.isu
Pet Vet (remove only)-->C:\Program Files\Pet Vet\Uninstall.exe
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PlayersOnly Poker-->C:\Program Files\PlayersOnly Poker\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Reader Rabbit Learn To Read With Phonics-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Reader Rabbit Learn To Read With Phonics\Uninstall.xml"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
TaxACT 2007-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta07.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
TaxACT Wisconsin 2007-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unst07.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\WI.log
Time, Money and Fractions-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8057\uninstal.log
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.7 RC4-->C:\Program Files\TVersity\Media Server\uninst.exe
UltimateBet-->C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
UltimateBuddy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E8FC047-6855-4C53-87E8-845ECDE72B77}\setup.exe" -l0x9 -removeonly
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
V5386 Digital Camera Driver-->C:\PROGRA~1\V5386D~1\UNWISE.EXE C:\PROGRA~1\V5386D~1\INSTALL.LOG
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vocabulary Puzzles-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8058\uninstal.log
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081218-0]

System event log

Computer Name: FAMILY
Event Code: 4199
Message: The system detected an address conflict for IP address 192.168.1.46 with the system
having network hardware address 00:14:6C:02:DB:87. Network operations on this system may
be disrupted as a result.

Record Number: 12465
Source Name: Tcpip
Time Written: 20080805201741.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 26
Message: Application popup: Windows - System Error : There is an IP address conflict with another system on the network

Record Number: 12464
Source Name: Application Popup
Time Written: 20080805201736.000000-300
Event Type: information
User:

Computer Name: FAMILY
Event Code: 4199
Message: The system detected an address conflict for IP address 192.168.1.46 with the system
having network hardware address 00:14:6C:02:DB:87. Network operations on this system may
be disrupted as a result.

Record Number: 12463
Source Name: Tcpip
Time Written: 20080805201736.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{917C3484-992D-456E-AE98-CE377445B456} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 12462
Source Name: Tcpip
Time Written: 20080805201730.000000-300
Event Type: information
User:

Computer Name: FAMILY
Event Code: 33
Message: Intel(R) PRO/1000 MT Network Connection
Link has been established: 100Mbps full duplex.

Record Number: 12461
Source Name: E1000
Time Written: 20080805201730.000000-300
Event Type: information
User:

Application event log

Computer Name: FAMILY
Event Code: 700
Message: MsnMsgr (1320) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 12897
Source Name: ESENT
Time Written: 20081028060024.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 701
Message: MsnMsgr (1320) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 12896
Source Name: ESENT
Time Written: 20081028050024.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 700
Message: MsnMsgr (1320) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 12895
Source Name: ESENT
Time Written: 20081028050024.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 701
Message: MsnMsgr (1320) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 12894
Source Name: ESENT
Time Written: 20081028040024.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 700
Message: MsnMsgr (1320) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 12893
Source Name: ESENT
Time Written: 20081028040024.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=C:\TEMP
"TMP"=C:\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by Haylee at 2008-12-18 15:43:28
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (25%) free of 38 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:45 PM, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Haylee\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Haylee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ff6f1fdb-0f89-45e3-b434-bb221d669fa3} - C:\WINDOWS\system32\hehujoji.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s
O4 - HKLM\..\Run: [44b853af] rundll32.exe "C:\WINDOWS\system32\nojoredu.dll",b
O4 - HKLM\..\Run: [CPM478b6033] Rundll32.exe "c:\windows\system32\poliwape.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{917C3484-992D-456E-AE98-CE377445B456}: NameServer = 192.168.5.1,192.168.5.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\yozuzejo.dll c:\windows\system32\poliwape.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\poliwape.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\poliwape.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7703 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 521528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6f1fdb-0f89-45e3-b434-bb221d669fa3}]
C:\WINDOWS\system32\hehujoji.dll [2008-09-17 66191]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"duhabozoke"=C:\WINDOWS\system32\bibafedo.dll [2008-09-17 66191]
"44b853af"=C:\WINDOWS\system32\nojoredu.dll [2008-12-18 85159]
"CPM478b6033"=c:\windows\system32\poliwape.dll [2008-12-18 97355]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2008-03-11 3551456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM478b6033]
c:\windows\system32\vojateda.dll [2008-12-17 95288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE [2000-02-13 546304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\duhabozoke]
C:\WINDOWS\system32\bibafedo.dll [2008-09-17 66191]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
C:\WINDOWS\system32\prunnet.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-12-26 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
C:\Program Files\UltimateBuddy\UltimateBuddy.exe [2007-10-04 1029352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
C:\PROGRA~1\SCRAPB~1\SCRAPR~1.EXE [2004-03-05 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\yozuzejo.dll c:\windows\system32\poliwape.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\poliwape.dll [2008-12-18 97355]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\poliwape.dll [2008-12-18 97355]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\yozuzejo.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Haylee\Desktop\utorrent.exe"="C:\Documents and Settings\Haylee\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe:*:Enabled:aswUpdSv"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a439b8b0-feb1-11dc-a280-0007e92636a1}]
shell\AutoRun\command - D:\Photokinz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30bb2c8-9a37-11dd-a29b-0007e92636a1}]
shell\AutoRun\command - D:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5567891-685a-11db-8d69-806d6172696f}]
shell\AutoRun\command - R:\autorun.exe


======List of files/folders created in the last 1 months======

2008-12-18 15:43:28 ----D---- C:\rsit
2008-12-18 15:40:02 ----SH---- C:\WINDOWS\system32\uderojon.ini
2008-12-18 03:39:50 ----SH---- C:\WINDOWS\system32\udujihuj.ini
2008-12-17 21:37:52 ----D---- C:\Program Files\Trend Micro
2008-12-17 20:34:59 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-17 19:53:49 ----D---- C:\_OTMoveIt
2008-12-17 15:40:14 ----SH---- C:\WINDOWS\system32\agevojek.ini
2008-12-14 03:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-14 03:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-14 03:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-14 03:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-14 03:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-14 03:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-14 03:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-14 03:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-14 03:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-14 03:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-14 03:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-12-14 03:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-14 03:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-14 03:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-14 03:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-14 03:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-14 03:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-14 03:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-14 03:06:44 ----D---- C:\WINDOWS\ie7updates
2008-12-14 03:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-14 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-14 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-14 03:02:09 ----D---- C:\Program Files\MSXML 4.0
2008-12-14 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-14 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-29 18:22:34 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of files/folders modified in the last 1 months======

2008-12-18 15:43:33 ----D---- C:\temp
2008-12-18 15:43:00 ----D---- C:\WINDOWS\Prefetch
2008-12-18 15:42:56 ----D---- C:\WINDOWS\system32
2008-12-18 15:40:01 ----ASH---- C:\WINDOWS\system32\nojoredu.dll
2008-12-18 15:40:00 ----ASH---- C:\WINDOWS\system32\poliwape.dll
2008-12-18 15:19:56 ----D---- C:\Documents and Settings\Haylee\Application Data\uTorrent
2008-12-18 03:39:47 ----ASH---- C:\WINDOWS\system32\wopuyajo.dll
2008-12-18 03:39:45 ----N---- C:\WINDOWS\system32\juhijudu.dll
2008-12-17 22:25:25 ----D---- C:\Program Files\Mozilla Firefox
2008-12-17 21:37:52 ----RD---- C:\Program Files
2008-12-17 21:32:33 ----D---- C:\WINDOWS\Debug
2008-12-17 20:52:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-17 20:52:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 20:51:14 ----SHD---- C:\WINDOWS\Installer
2008-12-17 20:51:09 ----D---- C:\Program Files\Common Files\Caere
2008-12-17 20:43:30 ----D---- C:\WINDOWS
2008-12-17 20:39:03 ----SHD---- C:\RECYCLER
2008-12-17 20:35:45 ----D---- C:\Documents and Settings
2008-12-17 20:33:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-17 20:33:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 19:54:05 ----D---- C:\WINDOWS\Temp
2008-12-17 19:51:09 ----SH---- C:\boot.ini
2008-12-17 19:51:09 ----A---- C:\WINDOWS\win.ini
2008-12-17 19:51:09 ----A---- C:\WINDOWS\system.ini
2008-12-17 19:15:34 ----D---- C:\Documents and Settings\Haylee\Application Data\Babylon
2008-12-17 19:10:51 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2008-12-17 15:39:56 ----ASH---- C:\WINDOWS\system32\vojateda.dll
2008-12-17 15:39:54 ----ASH---- C:\WINDOWS\system32\mapuguki.dll
2008-12-17 15:39:52 ----ASH---- C:\WINDOWS\system32\kejovega.dll
2008-12-14 03:13:23 ----HD---- C:\WINDOWS\inf
2008-12-14 03:13:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-14 03:13:22 ----D---- C:\WINDOWS\system32\drivers
2008-12-14 03:13:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 03:13:14 ----A---- C:\WINDOWS\imsins.BAK
2008-12-14 03:13:02 ----D---- C:\Program Files\Messenger
2008-12-14 03:11:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-14 03:06:28 ----D---- C:\WINDOWS\WinSxS
2008-12-14 03:05:41 ----D---- C:\WINDOWS\Registration
2008-12-14 03:05:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 18:10:52 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-29 19:06:15 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 14:03:53 ----D---- C:\Program Files\PlayersOnly Poker
2008-11-24 15:54:13 ----A---- C:\WINDOWS\avisplitter.INI
2008-11-23 14:44:32 ----D---- C:\Program Files\Amblyopia_iNet
2008-11-20 18:23:45 ----D---- C:\WINDOWS\pss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-08-22 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2008-10-23 827392]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Unread postby Shaba » December 20th, 2008, 5:55 am

Hi LukeB5301

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet 0.94
LimeWire 4.12.11


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from c:\rsit folder

Please run a new RSIT scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware Removal Help!

Unread postby LukeB5301 » December 20th, 2008, 4:42 pm

Removed both Limewire and Bitcomet

Info.txt
info.txt logfile of random's system information tool 1.05 2008-12-20 14:41:24

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7C06F60-C1A0-4D8C-85BA-15A18B93AA13}\setup.exe" -l0x9 -uninst -f"C:\Program Files\Scholastic's Clifford\Clifford Musical Memory Games\Uninst.isu" -c"C:\Program Files\Scholastic's Clifford\Clifford Musical Memory Games\_UnInstall.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Moons-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BD67531-A957-4592-9743-A2761BB4AC28}\setup.exe" -l0x9 -removeonly
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
ArcSoft PhotoStudio 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
Arthur's 1st Grade-->C:\Program Files\The Learning Company\Arthur's 1st Grade\uninstall.exe
Arthur's Math Games-->C:\Program Files\Creative Wonders\Arthur's Math Games\uninstal.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{22C97984-6A68-4140-872E-B2F5123A7387}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Babylon-->C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Barbie(TM) as Rapunzel-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\RapunzelUn.exe
Barbie(TM) Fashion Show(TM) CD-ROM-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\FashionUn.exe
Barbie(TM) of Swan Lake-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\SwanLakeUn.exe
Bodog Poker Version 2.13.1.13-->"C:\Program Files\Bodog Poker\unins000.exe"
Canon S200-->C:\WINDOWS\system32\CNMCP3W.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
Carrie the Caregiver(TM)-->C:\PROGRA~1\SHOCKW~1.COM\CARRIE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CARRIE~1\INSTALL.LOG
Clifford Musical Memory Games-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7C06F60-C1A0-4D8C-85BA-15A18B93AA13}\setup.exe" -l0x9
Clifford Reading-->C:\WINDOWS\system32\Clifford Uninstall.exe C:\Program Files\Scholastic's Clifford\Clifford Reading\
Creating Keepsakes Scrapbook Designer-->MsiExec.exe /I{7E370E0D-004C-4DC8-9986-A43F8C79404E}
Creative Memories StoryBook Creator 2.0-->MsiExec.exe /I{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dreamship Tales-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Full Tilt Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Hello Kitty Dream Carnival-->MsiExec.exe /I{900B84AB-6A80-49EE-B236-67F211190597}
HelloKitty (remove only)-->"C:\Program Files\ValuSoft\HelloKitty\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.5.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lets Ride Corral Club-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Motorola Driver Installation-->MsiExec.exe /I{3EE117D4-CD47-4985-B507-BEA2DACC43BD}
Motorola Driver Installation-->MsiExec.exe /I{8F4507EF-C5F3-46CE-9718-9D3698821333}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
My Fantasy Wedding-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3AC8DD1-A754-46D6-A777-6155D627D196}\Setup.exe" -l0x9
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nancy Drew: The Haunted Carousel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\The Haunted Carousel\Setup.exe" -l0x9
Nero 8-->MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f"C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu"
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Operation-->C:\WINDOWS\uninst.exe -fc:\PROGRA~1\DeIsL1.isu
Pet Vet (remove only)-->C:\Program Files\Pet Vet\Uninstall.exe
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PlayersOnly Poker-->C:\Program Files\PlayersOnly Poker\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Reader Rabbit Learn To Read With Phonics-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Reader Rabbit Learn To Read With Phonics\Uninstall.xml"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
TaxACT 2007-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta07.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
TaxACT Wisconsin 2007-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unst07.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\WI.log
Time, Money and Fractions-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8057\uninstal.log
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.7 RC4-->C:\Program Files\TVersity\Media Server\uninst.exe
UltimateBet-->C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
UltimateBuddy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E8FC047-6855-4C53-87E8-845ECDE72B77}\setup.exe" -l0x9 -removeonly
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
V5386 Digital Camera Driver-->C:\PROGRA~1\V5386D~1\UNWISE.EXE C:\PROGRA~1\V5386D~1\INSTALL.LOG
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vocabulary Puzzles-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8058\uninstal.log
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081220-0]

System event log

Computer Name: FAMILY
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{917C3484-992D-456E-AE98-CE377445B456} because a master browser was stopped.

Record Number: 12546
Source Name: BROWSER
Time Written: 20080805212311.000000-300
Event Type: information
User:

Computer Name: FAMILY
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{917C3484-992D-456E-AE98-CE377445B456} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 12545
Source Name: Tcpip
Time Written: 20080805212311.000000-300
Event Type: information
User:

Computer Name: FAMILY
Event Code: 27
Message: Intel(R) PRO/1000 MT Network Connection
Link has been disconnected.

Record Number: 12544
Source Name: E1000
Time Written: 20080805212302.000000-300
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 7036
Message: The HTTP SSL service entered the running state.

Record Number: 12543
Source Name: Service Control Manager
Time Written: 20080805211809.000000-300
Event Type: information
User:

Computer Name: FAMILY
Event Code: 7035
Message: The HTTP SSL service was successfully sent a start control.

Record Number: 12542
Source Name: Service Control Manager
Time Written: 20080805211809.000000-300
Event Type: information
User: NT AUTHORITY\LOCAL SERVICE

Application event log

Computer Name: FAMILY
Event Code: 701
Message: MsnMsgr (1340) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 13038
Source Name: ESENT
Time Written: 20081103030002.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 700
Message: MsnMsgr (1340) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 13037
Source Name: ESENT
Time Written: 20081103030002.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 701
Message: MsnMsgr (1340) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 13036
Source Name: ESENT
Time Written: 20081103020002.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 700
Message: MsnMsgr (1340) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 13035
Source Name: ESENT
Time Written: 20081103020002.000000-360
Event Type: information
User:

Computer Name: FAMILY
Event Code: 701
Message: MsnMsgr (1340) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Haylee\Local Settings\Application Data\Microsoft\Messenger\lukeb5301@hotmail.com\SharingMetadata\Working\database_4044_B858_44B8_5300\dfsr.db'.

Record Number: 13034
Source Name: ESENT
Time Written: 20081103010002.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=C:\TEMP
"TMP"=C:\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------


Log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Haylee at 2008-12-20 14:40:40
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (25%) free of 38 GB
Total RAM: 511 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:00 PM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Haylee\Desktop\RSIT.exe
C:\TEMP\jre-6u11-windows-i586-p-iftw_196cf524.exe
C:\Program Files\Trend Micro\HijackThis\Haylee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ff6f1fdb-0f89-45e3-b434-bb221d669fa3} - C:\WINDOWS\system32\hehujoji.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [44b853af] rundll32.exe "C:\WINDOWS\system32\rayawubu.dll",b
O4 - HKLM\..\Run: [CPM478b6033] Rundll32.exe "c:\windows\system32\kiganido.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [duhabozoke] Rundll32.exe "C:\WINDOWS\system32\bibafedo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{917C3484-992D-456E-AE98-CE377445B456}: NameServer = 192.168.5.1,192.168.5.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\yozuzejo.dll c:\windows\system32\kiganido.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kiganido.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kiganido.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7331 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6f1fdb-0f89-45e3-b434-bb221d669fa3}]
C:\WINDOWS\system32\hehujoji.dll [2008-09-17 66191]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"duhabozoke"=C:\WINDOWS\system32\bibafedo.dll [2008-09-17 66191]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-12-26 98304]
"44b853af"=C:\WINDOWS\system32\rayawubu.dll [2008-12-20 87341]
"CPM478b6033"=c:\windows\system32\kiganido.dll [2008-12-20 97995]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2008-03-11 3551456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM478b6033]
c:\windows\system32\vojateda.dll [2008-12-17 95288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE [2000-02-13 546304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\duhabozoke]
C:\WINDOWS\system32\bibafedo.dll [2008-09-17 66191]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-04-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
C:\WINDOWS\system32\prunnet.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-12-26 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
C:\Program Files\UltimateBuddy\UltimateBuddy.exe [2007-10-04 1029352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
C:\PROGRA~1\SCRAPB~1\SCRAPR~1.EXE [2004-03-05 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\yozuzejo.dll c:\windows\system32\kiganido.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kiganido.dll [2008-12-20 97995]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kiganido.dll [2008-12-20 97995]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\yozuzejo.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Haylee\Desktop\utorrent.exe"="C:\Documents and Settings\Haylee\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe:*:Enabled:aswUpdSv"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a439b8b0-feb1-11dc-a280-0007e92636a1}]
shell\AutoRun\command - D:\Photokinz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30bb2c8-9a37-11dd-a29b-0007e92636a1}]
shell\AutoRun\command - D:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5567891-685a-11db-8d69-806d6172696f}]
shell\AutoRun\command - R:\autorun.exe


======List of files/folders created in the last 1 months======

2008-12-20 03:40:50 ----SH---- C:\WINDOWS\system32\ubuwayar.ini
2008-12-19 15:40:32 ----SH---- C:\WINDOWS\system32\apobaroz.ini
2008-12-19 03:40:19 ----SH---- C:\WINDOWS\system32\ihohoyok.ini
2008-12-18 15:43:28 ----D---- C:\rsit
2008-12-18 15:40:02 ----SH---- C:\WINDOWS\system32\uderojon.ini
2008-12-18 03:39:50 ----SH---- C:\WINDOWS\system32\udujihuj.ini
2008-12-17 21:37:52 ----D---- C:\Program Files\Trend Micro
2008-12-17 20:34:59 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-17 19:53:49 ----D---- C:\_OTMoveIt
2008-12-17 15:40:14 ----SH---- C:\WINDOWS\system32\agevojek.ini
2008-12-14 03:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-14 03:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-14 03:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-14 03:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-14 03:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-14 03:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-14 03:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-14 03:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-14 03:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-14 03:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-14 03:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-12-14 03:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-14 03:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-14 03:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-14 03:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-14 03:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-14 03:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-14 03:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-14 03:06:44 ----D---- C:\WINDOWS\ie7updates
2008-12-14 03:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-14 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-14 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-14 03:02:09 ----D---- C:\Program Files\MSXML 4.0
2008-12-14 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-14 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-29 18:22:34 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of files/folders modified in the last 1 months======

2008-12-20 14:40:48 ----D---- C:\temp
2008-12-20 14:40:34 ----D---- C:\WINDOWS\Prefetch
2008-12-20 14:40:03 ----RD---- C:\Program Files
2008-12-20 14:37:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-20 14:35:34 ----D---- C:\WINDOWS
2008-12-20 14:33:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 14:22:06 ----D---- C:\WINDOWS\system32
2008-12-20 14:22:06 ----D---- C:\Program Files\BitComet
2008-12-20 03:40:45 ----ASH---- C:\WINDOWS\system32\rayawubu.dll
2008-12-20 03:40:45 ----ASH---- C:\WINDOWS\system32\kiganido.dll
2008-12-19 15:40:30 ----N---- C:\WINDOWS\system32\zorabopa.dll
2008-12-19 15:40:30 ----ASH---- C:\WINDOWS\system32\nageyefu.dll
2008-12-19 03:40:15 ----N---- C:\WINDOWS\system32\koyohohi.dll
2008-12-19 03:40:15 ----ASH---- C:\WINDOWS\system32\jujiyaki.dll
2008-12-18 15:57:21 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-18 15:40:01 ----N---- C:\WINDOWS\system32\nojoredu.dll
2008-12-18 15:40:00 ----ASH---- C:\WINDOWS\system32\poliwape.dll
2008-12-18 15:19:56 ----D---- C:\Documents and Settings\Haylee\Application Data\uTorrent
2008-12-18 03:39:47 ----ASH---- C:\WINDOWS\system32\wopuyajo.dll
2008-12-18 03:39:45 ----N---- C:\WINDOWS\system32\juhijudu.dll
2008-12-17 21:32:33 ----D---- C:\WINDOWS\Debug
2008-12-17 20:52:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-17 20:52:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 20:51:14 ----SHD---- C:\WINDOWS\Installer
2008-12-17 20:51:09 ----D---- C:\Program Files\Common Files\Caere
2008-12-17 20:39:03 ----SHD---- C:\RECYCLER
2008-12-17 20:35:45 ----D---- C:\Documents and Settings
2008-12-17 20:33:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-17 19:54:05 ----D---- C:\WINDOWS\Temp
2008-12-17 19:51:09 ----SH---- C:\boot.ini
2008-12-17 19:51:09 ----A---- C:\WINDOWS\win.ini
2008-12-17 19:51:09 ----A---- C:\WINDOWS\system.ini
2008-12-17 19:15:34 ----D---- C:\Documents and Settings\Haylee\Application Data\Babylon
2008-12-17 19:10:51 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2008-12-17 15:39:56 ----ASH---- C:\WINDOWS\system32\vojateda.dll
2008-12-17 15:39:54 ----ASH---- C:\WINDOWS\system32\mapuguki.dll
2008-12-17 15:39:52 ----ASH---- C:\WINDOWS\system32\kejovega.dll
2008-12-14 03:13:23 ----HD---- C:\WINDOWS\inf
2008-12-14 03:13:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-14 03:13:22 ----D---- C:\WINDOWS\system32\drivers
2008-12-14 03:13:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 03:13:14 ----A---- C:\WINDOWS\imsins.BAK
2008-12-14 03:13:02 ----D---- C:\Program Files\Messenger
2008-12-14 03:11:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-14 03:06:28 ----D---- C:\WINDOWS\WinSxS
2008-12-14 03:05:41 ----D---- C:\WINDOWS\Registration
2008-12-14 03:05:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-29 19:06:15 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-28 14:03:53 ----D---- C:\Program Files\PlayersOnly Poker
2008-11-24 15:54:13 ----A---- C:\WINDOWS\avisplitter.INI
2008-11-23 14:44:32 ----D---- C:\Program Files\Amblyopia_iNet

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-08-22 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2008-10-23 827392]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Post by Shaba » December 20th, 2008, 4:55 pm

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware Removal Help!

Post by LukeB5301 » December 20th, 2008, 5:36 pm

Combofix.txt

ComboFix 08-12-20.01 - Haylee 2008-12-20 15:25:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.156 [GMT -6:00]
Running from: c:\documents and settings\Haylee\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bibafedo.dll
c:\windows\system32\hehujoji.dll
c:\windows\system32\juhijudu.dll
c:\windows\system32\kejovega.dll
c:\windows\system32\mapuguki.dll
c:\windows\system32\vojateda.dll
c:\windows\system32\wopuyajo.dll
c:\windows\system32\yozuzejo.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-20 15:32 . 2008-12-20 15:32 16,384 --a----t- c:\temp\Perflib_Perfdata_1c8.dat
2008-12-20 15:31 . 2008-12-20 15:32 <DIR> d-------- c:\temp\_av_proI.tm~a01448
2008-12-20 15:30 . 2008-12-20 15:30 <DIR> d-------- c:\temp\WPDNSE
2008-12-20 15:30 . 2008-12-20 15:30 53,248 --a------ c:\temp\catchme.dll
2008-12-20 15:30 . 2008-12-20 15:30 16,384 --a----t- c:\temp\Perflib_Perfdata_768.dat
2008-12-20 15:30 . 2008-12-20 15:30 16,384 --a----t- c:\temp\Perflib_Perfdata_5ec.dat
2008-12-20 15:00 . 2008-12-20 15:30 <DIR> d-------- c:\temp\plugtmp
2008-12-20 14:49 . 2008-12-20 14:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-20 14:37 . 2008-12-20 15:30 <DIR> d-------- c:\temp\flashgot.mv5qfoeg.default
2008-12-20 14:22 . 2008-12-20 15:30 <DIR> d-------- c:\temp\~nsu.tmp
2008-12-20 03:40 . 2008-12-20 03:41 1,604,418 ---hs---- c:\windows\system32\ubuwayar.ini
2008-12-19 19:50 . 2008-12-20 14:51 <DIR> d-------- c:\temp\hsperfdata_Haylee
2008-12-19 15:41 . 2008-12-19 15:41 <DIR> d-------- c:\temp\nro.log
2008-12-19 15:40 . 2008-12-19 20:00 1,604,436 ---hs---- c:\windows\system32\apobaroz.ini
2008-12-19 03:40 . 2008-12-19 03:40 1,604,418 ---hs---- c:\windows\system32\ihohoyok.ini
2008-12-18 15:43 . 2008-12-20 14:41 <DIR> d-------- C:\rsit
2008-12-18 15:40 . 2008-12-18 15:42 1,604,418 ---hs---- c:\windows\system32\uderojon.ini
2008-12-18 03:39 . 2008-12-18 03:39 1,603,835 ---hs---- c:\windows\system32\udujihuj.ini
2008-12-17 21:37 . 2008-12-17 21:37 <DIR> d-------- c:\program files\Trend Micro
2008-12-17 21:32 . 2008-12-20 15:30 <DIR> d-------- c:\temp\WER5d6d.dir00
2008-12-17 21:29 . 2008-12-17 21:29 <DIR> d-------- c:\temp\bc_tmp
2008-12-17 21:29 . 2008-12-17 21:29 <DIR> d-------- c:\temp\bc_cache
2008-12-17 20:35 . 2008-12-17 20:35 <DIR> d-------- c:\documents and settings\Administrator
2008-12-17 20:02 . 2008-12-20 15:30 <DIR> d-------- c:\temp\MessengerCache
2008-12-17 19:53 . 2008-12-17 19:53 <DIR> d-------- C:\_OTMoveIt
2008-12-17 15:40 . 2008-12-17 15:40 1,603,835 ---hs---- c:\windows\system32\agevojek.ini
2008-12-16 17:21 . 2008-12-16 17:21 0 --a------ c:\windows\ativpsrm.bin
2008-12-14 03:02 . 2008-12-14 03:02 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-29 18:22 . 2008-11-29 19:06 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-29 18:15 . 2008-06-13 07:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-29 18:15 . 2008-06-13 07:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-29 18:08 . 2008-08-14 04:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-29 18:08 . 2008-08-14 03:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-29 18:08 . 2008-08-14 03:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-29 18:08 . 2008-08-14 03:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-20 16:04 . 2008-11-20 16:04 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-20 16:04 . 2008-11-20 16:04 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-20 16:04 . 2008-11-20 16:04 2,407 --a------ c:\windows\system32\MSINET.DEP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 20:49 --------- d-----w c:\program files\Java
2008-12-20 20:22 --------- d-----w c:\program files\BitComet
2008-12-18 21:19 --------- d-----w c:\documents and settings\Haylee\Application Data\uTorrent
2008-12-18 02:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-18 02:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 02:51 --------- d-----w c:\program files\Common Files\Caere
2008-12-18 01:15 --------- d-----w c:\documents and settings\Haylee\Application Data\Babylon
2008-12-18 01:10 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2008-11-28 20:03 --------- d-----w c:\program files\PlayersOnly Poker
2008-11-23 20:44 --------- d-----w c:\program files\Amblyopia_iNet
2008-11-14 23:53 --------- d-----w c:\program files\Babylon
2008-11-13 00:10 --------- d-----w c:\documents and settings\Haylee\Application Data\Winamp
2008-11-12 22:46 --------- d-----w c:\program files\Winamp
2008-11-11 23:59 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 22:54 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-10 22:31 --------- d-----w c:\program files\MSBuild
2008-11-10 22:30 --------- d-----w c:\program files\Reference Assemblies
2008-11-10 22:17 --------- d-----w c:\program files\MSXML 6.0
2008-11-08 01:14 --------- d-----w c:\program files\TVersity Codec Pack
2008-11-08 01:07 --------- d-----w c:\program files\TVersity
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-02-03 17:17 2,496 ----a-w c:\program files\DeIsL1.isu
1998-07-25 04:20 465,920 ----a-w c:\program files\Operation.exe
1998-07-23 00:20 15,360 ----a-w c:\program files\Readme.doc
1998-07-22 22:55 25,740,678 ----a-w c:\program files\OpCache.ief
1998-07-16 23:12 95,232 ----a-w c:\program files\SMACKW32.DLL
1998-07-16 23:12 1,844 ----a-w c:\program files\Operation.txt
2008-12-19 21:34 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 21:34 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 21:34 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 21:34 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 21:34 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-26 98304]
"44b853af"="c:\windows\system32\rayawubu.dll" [2008-12-20 87341]
"CPM478b6033"="c:\windows\system32\kiganido.dll" [2008-12-20 97995]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\kiganido.dll" [2008-12-20 97995]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kiganido.dll [2008-12-20 97995]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Haylee\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Haylee\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-03-11 09:23 3551456 c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
--a------ 2000-02-13 11:38 546304 c:\windows\BBSTORE\DSS\DSSAGENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 14:32 8699904 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-04-28 16:14 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-26 16:07 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
--a------ 2007-10-04 08:20 1029352 c:\program files\UltimateBuddy\UltimateBuddy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-03 17:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Haylee\\Desktop\\utorrent.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8633:TCP"= 8633:TCP:BitComet 8633 TCP
"8633:UDP"= 8633:UDP:BitComet 8633 UDP
"25890:TCP"= 25890:TCP:BitComet 25890 TCP
"25890:UDP"= 25890:UDP:BitComet 25890 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-03 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a439b8b0-feb1-11dc-a280-0007e92636a1}]
\Shell\AutoRun\command - D:\Photokinz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30bb2c8-9a37-11dd-a29b-0007e92636a1}]
\Shell\AutoRun\command - d:\wd_windows_tools\WDSetup.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{ff6f1fdb-0f89-45e3-b434-bb221d669fa3} - c:\windows\system32\hehujoji.dll
MSConfigStartUp-CPM478b6033 - c:\windows\system32\vojateda.dll
MSConfigStartUp-duhabozoke - c:\windows\system32\bibafedo.dll
MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://centurytel.myway.com
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: {917C3484-992D-456E-AE98-CE377445B456} = 192.168.5.1,192.168.5.2
FF - ProfilePath - c:\documents and settings\Haylee\Application Data\Mozilla\Firefox\Profiles\mv5qfoeg.default\
FF - prefs.js: browser.startup.homepage - hxxp://centurytel.myway.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 15:30:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-12-20 15:36:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 21:36:06

Pre-Run: 16,238,682,112 bytes free
Post-Run: 16,216,039,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

244 --- E O F --- 2008-12-14 09:13:24
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Unread postby LukeB5301 » December 20th, 2008, 6:43 pm

Sorry, forgot the Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:26 PM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [44b853af] rundll32.exe "C:\WINDOWS\system32\rayawubu.dll",b
O4 - HKLM\..\Run: [CPM478b6033] Rundll32.exe "c:\windows\system32\kiganido.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{917C3484-992D-456E-AE98-CE377445B456}: NameServer = 192.168.5.1,192.168.5.2
O20 - AppInit_DLLs: c:\windows\system32\kiganido.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kiganido.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kiganido.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6890 bytes
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Unread postby Shaba » December 21st, 2008, 5:40 am

Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\ubuwayar.ini 
c:\windows\system32\apobaroz.ini
c:\windows\system32\ihohoyok.ini
c:\windows\system32\uderojon.ini
c:\windows\system32\udujihuj.ini
c:\windows\system32\agevojek.ini
c:\windows\system32\rayawubu.dll
c:\windows\system32\kiganido.dll

Folder::
c:\program files\BitComet
c:\documents and settings\Haylee\Application Data\uTorrent
c:\Program Files\uTorrent

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"44b853af"=-
"CPM478b6033"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8633:TCP"=-
"8633:UDP"=-
"25890:TCP"=-
"25890:UDP"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happens we want to know, and also which process you had to end.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware Removal Help!

Unread postby LukeB5301 » December 21st, 2008, 4:02 pm

ComboFix Log:

ComboFix 08-12-20.01 - Haylee 2008-12-21 13:51:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.110 [GMT -6:00]
Running from: c:\documents and settings\Haylee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Haylee\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\agevojek.ini
c:\windows\system32\apobaroz.ini
c:\windows\system32\ihohoyok.ini
c:\windows\system32\kiganido.dll
c:\windows\system32\rayawubu.dll
c:\windows\system32\ubuwayar.ini
c:\windows\system32\uderojon.ini
c:\windows\system32\udujihuj.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Haylee\Application Data\uTorrent
c:\documents and settings\Haylee\Application Data\uTorrent\Ultimate boot DVD Windows XP Pro-Home Editions SP3 Retail-Corporate X86 (8 in 1).torrent
c:\documents and settings\Haylee\Application Data\uTorrent\Untraceable[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Haylee\Application Data\uTorrent\Wall-E[2008]DvDrip-aXXo.torrent
c:\documents and settings\Haylee\Application Data\uTorrent\Windows XP Home SP2 [OEM Edition].torrent
c:\documents and settings\Haylee\Application Data\uTorrent\Wisin.Y.Yandel.Present.-.La.Mente.Maestra.(2008).WwW.Mixermusic.net.torrent
c:\documents and settings\Haylee\Application Data\uTorrent\Year Zero.torrent
c:\documents and settings\Haylee\Application Data\uTorrent\Zack.and.Miri.Make.A.Porno.R5.LINE.XViD-BaLD.torrent
c:\documents and settings\Haylee\Application Data\uTorrent\Zombie.Strippers[2008]DvDrip-aXXo.torrent
c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Favourite.xml
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\tools\BitCometBHO_1.1.9.24.dll
c:\program files\BitComet\torrents\NF_Movie_Player_211.msi.xml
c:\program files\BitComet\torrents\SBC2UpdateSetup.exe.xml
c:\program files\BitComet\torrents\StoryBookCreator2.exe.xml
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\windows\system32\agevojek.ini
c:\windows\system32\apobaroz.ini
c:\windows\system32\ihohoyok.ini
c:\windows\system32\kiganido.dll
c:\windows\system32\rayawubu.dll
c:\windows\system32\ubuwayar.ini
c:\windows\system32\uderojon.ini
c:\windows\system32\udujihuj.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-21 13:57 . 2008-12-21 13:57 16,384 --a----t- c:\temp\Perflib_Perfdata_618.dat
2008-12-21 13:56 . 2008-12-21 13:56 <DIR> d-------- c:\temp\WPDNSE
2008-12-21 13:56 . 2008-12-21 13:56 53,248 --a------ c:\temp\catchme.dll
2008-12-21 13:56 . 2008-12-21 13:56 16,384 --a----t- c:\temp\Perflib_Perfdata_7ec.dat
2008-12-21 13:55 . 2008-12-21 13:55 16,384 --a----t- c:\temp\Perflib_Perfdata_5e8.dat
2008-12-21 13:47 . 2008-12-21 13:56 <DIR> d-------- c:\temp\flashgot.mv5qfoeg.default
2008-12-20 15:00 . 2008-12-20 15:30 <DIR> d-------- c:\temp\plugtmp
2008-12-20 14:49 . 2008-12-20 14:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-20 14:22 . 2008-12-20 15:30 <DIR> d-------- c:\temp\~nsu.tmp
2008-12-19 19:50 . 2008-12-20 14:51 <DIR> d-------- c:\temp\hsperfdata_Haylee
2008-12-19 15:41 . 2008-12-19 15:41 <DIR> d-------- c:\temp\nro.log
2008-12-18 15:43 . 2008-12-20 14:41 <DIR> d-------- C:\rsit
2008-12-17 21:37 . 2008-12-17 21:37 <DIR> d-------- c:\program files\Trend Micro
2008-12-17 21:32 . 2008-12-20 15:30 <DIR> d-------- c:\temp\WER5d6d.dir00
2008-12-17 21:29 . 2008-12-17 21:29 <DIR> d-------- c:\temp\bc_tmp
2008-12-17 21:29 . 2008-12-17 21:29 <DIR> d-------- c:\temp\bc_cache
2008-12-17 20:35 . 2008-12-17 20:35 <DIR> d-------- c:\documents and settings\Administrator
2008-12-17 20:02 . 2008-12-20 15:30 <DIR> d-------- c:\temp\MessengerCache
2008-12-17 19:53 . 2008-12-17 19:53 <DIR> d-------- C:\_OTMoveIt
2008-12-16 17:21 . 2008-12-16 17:21 0 --a------ c:\windows\ativpsrm.bin
2008-12-14 03:02 . 2008-12-14 03:02 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-29 18:22 . 2008-11-29 19:06 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-29 18:15 . 2008-06-13 07:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-29 18:15 . 2008-06-13 07:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-29 18:08 . 2008-08-14 04:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-29 18:08 . 2008-08-14 03:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-29 18:08 . 2008-08-14 03:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-29 18:08 . 2008-08-14 03:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 20:49 --------- d-----w c:\program files\Java
2008-12-18 02:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-18 02:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 02:51 --------- d-----w c:\program files\Common Files\Caere
2008-12-18 01:15 --------- d-----w c:\documents and settings\Haylee\Application Data\Babylon
2008-12-18 01:10 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2008-11-28 20:03 --------- d-----w c:\program files\PlayersOnly Poker
2008-11-23 20:44 --------- d-----w c:\program files\Amblyopia_iNet
2008-11-14 23:53 --------- d-----w c:\program files\Babylon
2008-11-13 00:10 --------- d-----w c:\documents and settings\Haylee\Application Data\Winamp
2008-11-12 22:46 --------- d-----w c:\program files\Winamp
2008-11-11 23:59 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 22:54 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-10 22:31 --------- d-----w c:\program files\MSBuild
2008-11-10 22:30 --------- d-----w c:\program files\Reference Assemblies
2008-11-10 22:17 --------- d-----w c:\program files\MSXML 6.0
2008-11-08 01:14 --------- d-----w c:\program files\TVersity Codec Pack
2008-11-08 01:07 --------- d-----w c:\program files\TVersity
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-02-03 17:17 2,496 ----a-w c:\program files\DeIsL1.isu
1998-07-25 04:20 465,920 ----a-w c:\program files\Operation.exe
1998-07-23 00:20 15,360 ----a-w c:\program files\Readme.doc
1998-07-22 22:55 25,740,678 ----a-w c:\program files\OpCache.ief
1998-07-16 23:12 95,232 ----a-w c:\program files\SMACKW32.DLL
1998-07-16 23:12 1,844 ----a-w c:\program files\Operation.txt
2008-12-19 21:34 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 21:34 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 21:34 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 21:34 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 21:34 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-26 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Haylee\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Haylee^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Haylee\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2008-03-11 09:23 3551456 c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
--a------ 2000-02-13 11:38 546304 c:\windows\BBSTORE\DSS\DSSAGENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 14:32 8699904 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-04-28 16:14 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-26 16:07 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltimateBuddy]
--a------ 2007-10-04 08:20 1029352 c:\program files\UltimateBuddy\UltimateBuddy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-03 17:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Documents and Settings\\Haylee\\Desktop\\utorrent.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-03 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-03 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a439b8b0-feb1-11dc-a280-0007e92636a1}]
\Shell\AutoRun\command - D:\Photokinz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30bb2c8-9a37-11dd-a29b-0007e92636a1}]
\Shell\AutoRun\command - d:\wd_windows_tools\WDSetup.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centurytel.myway.com
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: {917C3484-992D-456E-AE98-CE377445B456} = 192.168.5.1,192.168.5.2
FF - ProfilePath - c:\documents and settings\Haylee\Application Data\Mozilla\Firefox\Profiles\mv5qfoeg.default\
FF - prefs.js: browser.startup.homepage - hxxp://centurytel.myway.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 13:56:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-12-21 14:01:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-21 20:01:20
ComboFix2.txt 2008-12-20 21:36:19

Pre-Run: 16,277,647,360 bytes free
Post-Run: 16,264,663,040 bytes free

402 --- E O F --- 2008-12-14 09:13:24


HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:28 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{917C3484-992D-456E-AE98-CE377445B456}: NameServer = 192.168.5.1,192.168.5.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6425 bytes
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Unread postby Shaba » December 21st, 2008, 4:15 pm

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware Removal Help!

Unread postby LukeB5301 » December 22nd, 2008, 3:11 pm

Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:27 PM, on 12/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{917C3484-992D-456E-AE98-CE377445B456}: NameServer = 192.168.5.1,192.168.5.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 6329 bytes



Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 21, 2008 19:08:11
Records in database: 1496979
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
R:\

Scan statistics:
Files scanned: 54350
Threat name: 3
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 02:03:03


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\bibafedo.dll.vir Infected: Trojan.Win32.Monder.aedd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hehujoji.dll.vir Infected: Trojan.Win32.Monder.aedd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mapuguki.dll.vir Infected: Trojan.Win32.Monder.aedd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vojateda.dll.vir Infected: Trojan.Win32.Monder.aedg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wopuyajo.dll.vir Infected: Trojan.Win32.Monder.aedg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yozuzejo.dll.vir Infected: Trojan.Win32.Monder.aedd 1
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE Infected: not-a-virus:AdWare.Win32.Background 1

The selected area was scanned.
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Unread postby Shaba » December 22nd, 2008, 3:23 pm

I'd like you to check a file for malware.
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Post back results, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware Removal Help!

Unread postby LukeB5301 » December 22nd, 2008, 3:26 pm

http://www.virustotal.com/analisis/d81e1245dc35b774a999b7a9e5a06e04


File DSSAGENT.EXE received on 11.12.2008 23:19:31 (CET)
Current status: finished
Result: 28/35 (80.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.13.0 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 ADSPY/Background.A
Authentium 5.1.0.4 2008.11.12 W32/Adware.PAP
Avast 4.8.1248.0 2008.11.12 -
AVG 8.0.0.199 2008.11.12 Generic.IEV
BitDefender 7.2 2008.11.12 Adware.Background.A
CAT-QuickHeal 9.50 2008.11.12 AdWare.Background (Not a Virus)
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 Adware.DSSAgent
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 Adware.Background
F-Prot 4.4.4.56 2008.11.12 W32/Adware.PAP
F-Secure 8.0.14332.0 2008.11.12 AdWare.Win32.Background
Fortinet 3.117.0.0 2008.11.12 Misc/Generic.88F4
GData 19 2008.11.12 Adware.Background.A
Ikarus T3.1.1.45.0 2008.11.12 not-a-virus:AdWare.Win32.Background
K7AntiVirus 7.10.523 2008.11.12 Non-Virus:AdWare.Win32.Background
Kaspersky 7.0.0.125 2008.11.12 not-a-virus:AdWare.Win32.Background
McAfee 5431 2008.11.12 potentially unwanted program DSSAgent
Microsoft 1.4104 2008.11.12 Spyware:Win32/BrodcastDSSAGENT
NOD32 3607 2008.11.12 Win32/Adware.DSSAgent
Norman 5.80.02 2008.11.12 W32/Background.A
Panda 9.0.0.4 2008.11.12 Adware/DSSAgent
PCTools 4.4.2.0 2008.11.12 Adware.DSSAgent
Prevx1 V2 2008.11.12 Adware
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 Ad-Spyware.Background.A
Sophos 4.35.0 2008.11.12 Troj/SpyAgent-M
Sunbelt 3.1.1785.2 2008.11.11 Brodcast DSSAGENT
TheHacker 6.3.1.1.149 2008.11.12 Adware/Background
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 AdWare.Background
ViRobot 2008.11.12.1463 2008.11.12 Adware.Background.546304
VirusBuster 4.5.11.0 2008.11.12 Adware.Background.A
Additional information
File size: 546304 bytes
MD5...: b55c6df7fdfbafe93ecb36db98d07d12
SHA1..: ddff6521a379be4e555c2389e26889acb6081f3d
SHA256: 85e8b55652b55bf2f179ba481702c8f1b8f2501b658cf2b6e7e645e21dba2033
SHA512: d0f0ea3a182b4c2e959ef97a02c834c688d521109d70ba0f2654e7e64756d5df
ad70619ea395878be1dbdc180a444ca3c14692c10735df47b1ab161fe84296d5
PEiD..: InstallShield 2000
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x463810
timedatestamp.....: 0x3655ef17 (Fri Nov 20 22:37:11 1998)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x72625 0x72800 6.54 5809ed516ea8d5b89659d9fb47fb6797
.rdata 0x74000 0xa268 0xa400 6.01 09875d5718e65001b98af7b8329931e1
.data 0x7f000 0xe3d0 0x8200 4.46 cda5bcebd1a87492c573501ae28a0f11
.rsrc 0x8e000 0x390 0x400 3.00 64e4a112f1c568caaa09f42cf932a5f5

( 4 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, SetErrorMode, FreeLibrary, GetDiskFreeSpaceA, GetWindowsDirectoryA, GetCurrentDirectoryA, SetCurrentDirectoryA, SetEvent, WaitForSingleObject, ResetEvent, ResumeThread, SuspendThread, GetExitCodeThread, GetModuleFileNameA, GetCurrentThreadId, GetTickCount, Sleep, DeleteFileA, OutputDebugStringA, GetFileSize, CloseHandle, WriteFile, ReadFile, CreateDirectoryA, CreateEventA, ExitThread, UnhandledExceptionFilter, HeapSize, GetFullPathNameA, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime, RemoveDirectoryA, VirtualLock, GetVersionExA, VirtualUnlock, GetSystemTime, QueryPerformanceCounter, GetLastError, FindFirstFileA, FindNextFileA, FindClose, ReleaseMutex, CreateMutexA, InitializeCriticalSection, GetCurrentProcessId, GetModuleHandleA, TerminateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, OpenFile, WritePrivateProfileStringA, GetPrivateProfileStringA, GetPrivateProfileIntA, GetSystemDirectoryA, WinExec, RtlUnwind, GetFileAttributesA, GetTimeZoneInformation, GetLocalTime, CreateThread, TlsSetValue, CreateFileA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, InterlockedDecrement, InterlockedIncrement, HeapAlloc, HeapReAlloc, HeapFree, MoveFileA, SetEndOfFile, GetFileType, TlsAlloc, SetLastError, TlsGetValue, IsBadReadPtr, IsBadWritePtr, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, VirtualAlloc, SetFilePointer, SetStdHandle, FlushFileBuffers, SetUnhandledExceptionFilter, GetLocaleInfoA, GetLocaleInfoW, IsBadCodePtr, SetEnvironmentVariableA, CompareStringA, CompareStringW
> USER32.dll: SetWindowLongA, DestroyWindow, IsWindow, PostMessageA, PeekMessageA, SendMessageA, PostQuitMessage, EnumWindows, SetForegroundWindow, IsIconic, GetWindowLongA, DefWindowProcA, wsprintfA, LoadCursorA, DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassA, FindWindowA, PostThreadMessageA
> ADVAPI32.dll: RegCloseKey, RegOpenKeyA, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyA, RegDeleteValueA, RegEnumKeyExA, RegDeleteKeyA, RegCreateKeyExA, RegEnumValueA, RegQueryInfoKeyA
> SHELL32.dll: ShellExecuteA

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx ... db98d07d12
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00CCA48AA0
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Unread postby Shaba » December 22nd, 2008, 3:30 pm

Thank you :)

Do you recognize this folder?

C:\WINDOWS\BBSTORE\DSS
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Malware Removal Help!

Unread postby LukeB5301 » December 22nd, 2008, 3:32 pm

Not really?
I see under BBSTORE\SCOPEUSR there are some files relating to my sister's little learning/school programs.
LukeB5301
Active Member
 
Posts: 14
Joined: December 17th, 2008, 11:34 pm

Re: Malware Removal Help!

Unread postby Shaba » December 22nd, 2008, 3:42 pm

So then delete it and this as well:

C:\Qoobox\Quarantine\

Empty recycle bin.

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland