another blighted by the mundo [Solved]



#1  mishuhome (Member, 17 posts)
Here is the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:22 PM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\All Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26B454CA-084A-4F0A-BCB9-CA4CB63F1E9C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {fd5beef0-6cef-458b-ab65-ba499e760e73} - C:\WINDOWS\system32\fupilito.dll (file missing)
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [tibopomisa] Rundll32.exe "C:\WINDOWS\system32\lamisefi.dll",s
O4 - HKLM\..\Run: [CPMeb58d793] Rundll32.exe "c:\windows\system32\wejiwulo.dll",a
O4 - HKLM\..\Run: [SpywareBot] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175003273562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Typer%20Shark/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office Enterprise 2007\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\system32\fetezeme.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 5574 bytes
Thank you for your time and energy. I can't believe how malicious these guys are. Michele

Attached Files: VBG.TXT (2.58KB)
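The log above shows the pattern the rest of this thread cleans up: DLLs with pseudo-random eight-lowercase-letter names in system32 (fupilito, lamisefi, wejiwulo, fetezeme) registered as a BHO (O2), as Run keys launched through rundll32 (O4) and in AppInit_DLLs (O20); the RSIT log later in the thread adds woyadolu.dll in both AppInit_DLLs and SharedTaskScheduler (O22). The Python below is an added example, not code from the poster, from Geeks to Go or from HijackThis. It parses HijackThis entry lines, pulls out every DLL reference, and scores each DLL by how many of those indicators it trips, so a file registered in several autostart locations floats to the top. The sample lines are excerpted from the logs posted in this thread; the weights, the eight-letter heuristic and the allowlist are assumptions chosen for illustration. One caveat the example makes explicit: AVG's avgrsstx.dll is also eight lowercase letters, so a name-shape heuristic on its own is not a verdict and the file is allowlisted by name.

```python
"""Triage HijackThis entries for the Vundo-style persistence seen in this thread.

Added example; not code from the poster, Geeks to Go or HijackThis. The
heuristics, weights and allowlist are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# Excerpted from the logs posted in this thread (O20/O22 from the RSIT log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26B454CA-084A-4F0A-BCB9-CA4CB63F1E9C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {fd5beef0-6cef-458b-ab65-ba499e760e73} - C:\WINDOWS\system32\fupilito.dll (file missing)
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [tibopomisa] Rundll32.exe "C:\WINDOWS\system32\lamisefi.dll",s
O4 - HKLM\..\Run: [CPMeb58d793] Rundll32.exe "c:\windows\system32\wejiwulo.dll",a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\fetezeme.dll c:\windows\system32\woyadolu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woyadolu.dll
"""

# "O2 - ...", "O20 - ...", "R1 - ...": the HijackThis section code opens each entry.
SECTION_RE = re.compile(r"^(O\d{1,2}|R\d)\s+-\s+")
# A drive-rooted path ending in .dll (spaces allowed, as in "Program Files"),
# or a bare file name such as an AppInit_DLLs entry resolved via the search path.
DLL_RE = re.compile(r'([A-Za-z]:\\[^"\n,;]*?\.dll)|\b([A-Za-z0-9_~-]+\.dll)\b', re.IGNORECASE)
# Vundo's components in these logs are eight lowercase letters; matched
# case-sensitively so that SDHelper.dll (mixed case) is not caught.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")
# Assumption for this machine: avgrsstx.dll is AVG's resident shield. It is also
# eight lowercase letters, so it has to be allowlisted by name, not by shape.
KNOWN_GOOD = {"avgrsstx.dll"}

WEIGHTS = {
    "random 8-letter name": 2,
    "unexpected AppInit_DLLs entry": 2,
    "Run key loads DLL via rundll32": 1,
    "BHO points at missing file": 1,  # a dangling leftover, not live code
    "registered in several autostart locations": 1,
}


def entries(log_text):
    """Yield (section_code, line) for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            yield m.group(1).upper(), line


def dll_references(line):
    """Return (basename, full_path_or_None) for each .dll referenced on a line."""
    refs = []
    for m in DLL_RE.finditer(line):
        token = m.group(1) or m.group(2)
        refs.append((token.rsplit("\\", 1)[-1], token if m.group(1) else None))
    return refs


def triage(log_text):
    """Aggregate DLLs by lower-cased name with their sections and suspicion reasons."""
    found = defaultdict(lambda: {"locations": set(), "paths": set(), "reasons": set()})
    for code, line in entries(log_text):
        for base, path in dll_references(line):
            key = base.lower()
            if key in KNOWN_GOOD:
                continue
            f = found[key]
            f["locations"].add(code)
            if path:
                f["paths"].add(path)
            if RANDOM_NAME_RE.match(base):
                f["reasons"].add("random 8-letter name")
            if code == "O20":
                f["reasons"].add("unexpected AppInit_DLLs entry")
            if code == "O4" and "rundll32" in line.lower():
                f["reasons"].add("Run key loads DLL via rundll32")
            if code == "O2" and "(file missing)" in line:
                f["reasons"].add("BHO points at missing file")
    for f in found.values():
        if len(f["locations"]) >= 2:
            f["reasons"].add("registered in several autostart locations")
    return dict(found)


def score(finding):
    return sum(WEIGHTS[r] for r in finding["reasons"])


def suspicious(log_text, threshold=2):
    """(score, name, finding) for DLLs at or above threshold, highest score first."""
    ranked = [(score(f), n, f) for n, f in triage(log_text).items() if score(f) >= threshold]
    return sorted(ranked, key=lambda t: (-t[0], t[1]))


if __name__ == "__main__":
    for s, name, f in suspicious(SAMPLE_LOG):
        print(s, name, sorted(f["locations"]), sorted(f["reasons"]))
```

Run stand-alone it ranks woyadolu.dll first (AppInit_DLLs plus SharedTaskScheduler), then fetezeme.dll, then the three DLLs that each sit in a single location, while AcroIEHelper.dll and SDHelper.dll score zero. A BHO whose file is already missing is weighted low on purpose: the registry entry is a leftover to clean, not code that still runs, which is consistent with the MBAM result later in the thread that removed the {fd5beef0-...} key without finding a file.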


#2  fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512 and welcome to Geekstogo. Please do the following:

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, save it and attach it in this thread.

Post these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER report

#3  mishuhome (Topic Starter, Member, 17 posts)
Thank you again for your help and most of all for your time. Here is the first MBAM log and I will proceed with the rest of the downloads. Michele

Malwarebytes' Anti-Malware 1.31
Database version: 1495
Windows 5.1.2600 Service Pack 3

12/13/2008 7:51:02 AM
mbam-log-2008-12-13 (07-51-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115971
Time elapsed: 35 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\hajakari.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd5beef0-6cef-458b-ab65-ba499e760e73} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tibopomisa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmeb58d793 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\hajakari.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\hajakari.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wikufalu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulafukiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hajakari.dll (Trojan.BHO) -> Delete on reboot.

#4  mishuhome (Topic Starter, Member, 17 posts)
RSIT log as requested

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mishu at 2008-12-13 08:02:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 60 GB (77%) free of 79 GB
Total RAM: 1982 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:27 AM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mishu\Desktop\RSIT.exe
C:\All Downloads\Mishu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26B454CA-084A-4F0A-BCB9-CA4CB63F1E9C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {fd5beef0-6cef-458b-ab65-ba499e760e73} - C:\WINDOWS\system32\fupilito.dll (file missing)
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SpywareBot] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [tibopomisa] Rundll32.exe "C:\WINDOWS\system32\lamisefi.dll",s
O4 - HKLM\..\Run: [CPMeb58d793] Rundll32.exe "c:\windows\system32\wejiwulo.dll",a
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175003273562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Typer%20Shark/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office Enterprise 2007\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\fetezeme.dll c:\windows\system32\woyadolu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woyadolu.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 5684 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\nnhghnha.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B454CA-084A-4F0A-BCB9-CA4CB63F1E9C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73}]
C:\WINDOWS\system32\fupilito.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-11-09 86016]
"SpywareBot"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"tibopomisa"=C:\WINDOWS\system32\lamisefi.dll []
"CPMeb58d793"=c:\windows\system32\woyadolu.dll [2008-12-13 91745]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-04-03 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tibopomisa]
C:\WINDOWS\system32\lamisefi.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^RAMIdle.lnk]
C:\Tweaks\CUSTOM~1\RAMIdle.exe [2001-09-27 160256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mishu^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll C:\WINDOWS\system32\fetezeme.dll c:\windows\system32\woyadolu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woyadolu.dll [2008-12-13 91745]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\woyadolu.dll [2008-12-13 91745]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fetezeme.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
"NoToolbarCustomize"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ovis\bin\OvisPdf-Office.exe"="C:\Program Files\Ovis\bin\OvisPdf-Office.exe:*:Disabled:OvisPdf-Office"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\id Software\Quake 4\Quake4Ded.exe"="C:\Program Files\id Software\Quake 4\Quake4Ded.exe:*:Disabled:Quake 4"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Disabled:quake3"
"C:\Program Files\Tremulous\tremulous.exe"="C:\Program Files\Tremulous\tremulous.exe:*:Disabled:tremulous"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Shaw Messenger\bin\SMC.exe"="C:\Program Files\Shaw Messenger\bin\SMC.exe:*:Enabled:Shaw Messenger"
"C:\Program Files\Shareaza.exe"="C:\Program Files\Shareaza.exe:*:Enabled:Shareaza"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Office Enterprise 2007\Office12\OUTLOOK.EXE"="C:\Office Enterprise 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Office Enterprise 2007\Office12\GROOVE.EXE"="C:\Office Enterprise 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Office Enterprise 2007\Office12\ONENOTE.EXE"="C:\Office Enterprise 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"="C:\Program Files\Microsoft IntelliType Pro\itype.exe:*:Enabled:itype"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\ClamWin\bin\ClamTray.exe"="C:\Program Files\ClamWin\bin\ClamTray.exe:*:Enabled:ClamTray"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-12-13 07:31:18 ----SH---- C:\WINDOWS\system32\imilapoy.ini
2008-12-12 18:25:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 16:26:50 ----D---- C:\WINDOWS\ERDNT
2008-12-12 16:26:49 ----D---- C:\Documents and Settings\Mishu\Application Data\Sony Ericsson
2008-12-12 16:08:06 ----D---- C:\Program Files\ERUNT
2008-12-12 15:29:07 ----D---- C:\Documents and Settings\Mishu\Application Data\Malwarebytes
2008-12-12 15:29:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-12 15:28:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 12:22:05 ----D---- C:\My Downloads
2008-12-12 12:22:05 ----D---- C:\Documents and Settings\Mishu\Application Data\Shareaza
2008-12-12 12:09:08 ----D---- C:\Program Files\trend micro
2008-12-12 12:08:46 ----A---- C:\log.txt
2008-12-12 12:07:37 ----D---- C:\rsit
2008-12-12 08:55:24 ----D---- C:\Documents and Settings\Mishu\Application Data\skypePM
2008-12-11 13:24:45 ----SH---- C:\WINDOWS\system32\amomapad.ini
2008-12-10 23:35:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-10 23:35:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-10 23:25:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-10 08:09:31 ----A---- C:\WINDOWS\system32\ivvcvj.dll
2008-12-10 08:09:31 ----A---- C:\WINDOWS\system32\ceqtduon.dll
2008-12-10 08:06:31 ----N---- C:\WINDOWS\system32\jcodbclj.dll
2008-12-08 08:17:30 ----D---- C:\WINDOWS\system32\Abdio
2008-12-08 07:56:27 ----D---- C:\Documents and Settings\Mishu\Application Data\.clamwin
2008-12-08 07:56:16 ----D---- C:\Program Files\ClamWin
2008-12-05 21:31:52 ----A---- C:\WINDOWS\system32\e3482071-.txt
2008-12-05 21:26:29 ----D---- C:\Program Files\PDF Editor 2
2008-12-05 21:26:29 ----A---- C:\WINDOWS\cadkasdeinst01e.exe
2008-12-05 14:35:41 ----D---- C:\Documents and Settings\Mishu\Application Data\Skype
2008-12-05 14:35:24 ----D---- C:\Program Files\Skype
2008-12-05 14:35:24 ----D---- C:\Program Files\Common Files\Skype
2008-12-05 14:35:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-12-05 14:29:26 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-05 14:25:08 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-05 14:25:01 ----D---- C:\Program Files\Windows Live
2008-12-05 14:24:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-04 14:22:35 ----D---- C:\Program Files\Windows Desktop Search
2008-12-04 14:22:34 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-12-04 12:02:01 ----HD---- C:\$AVG8.VAULT$
2008-12-03 20:59:34 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-12-03 20:55:13 ----D---- C:\Office Enterprise 2007
2008-12-03 20:24:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-12-03 15:52:30 ----D---- C:\Program Files\Foxit PDF Creator
2008-12-03 15:31:42 ----N---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-12-03 15:31:29 ----D---- C:\Program Files\AVG
2008-12-03 15:31:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-12-03 10:22:53 ----D---- C:\Program Files\Foxit Software
2008-12-03 09:31:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\pdf995
2008-12-03 09:31:12 ----A---- C:\WINDOWS\system32\pdfmona.dll
2008-12-03 09:31:12 ----A---- C:\WINDOWS\system32\pdf995mon.dll
2008-12-03 09:28:22 ----D---- C:\Documents and Settings\Mishu\Application Data\eXPert PDF Reader
2008-12-03 09:18:17 ----D---- C:\Documents and Settings\Mishu\Application Data\Foxit
2008-12-03 09:02:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
2008-12-01 08:42:43 ----D---- C:\Documents and Settings\Mishu\Application Data\Creative
2008-12-01 08:38:25 ----N---- C:\WINDOWS\Ctregrun.exe
2008-12-01 08:35:24 ----N---- C:\WINDOWS\system32\msxml3a.dll
2008-12-01 08:33:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative
2008-12-01 08:33:08 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
2008-12-01 08:32:21 ----D---- C:\Program Files\Creative
2008-12-01 08:32:13 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
2008-11-21 06:39:23 ----A---- C:\WINDOWS\system32\dzip32.dll
2008-11-21 06:39:23 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-11-21 06:39:11 ----D---- C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-11-20 08:23:23 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-20 08:09:56 ----D---- C:\Documents and Settings\Mishu\Application Data\Real
2008-11-12 07:57:55 ----D---- C:\Dhamma Talks
2008-11-03 20:42:51 ----A---- C:\WINDOWS\system32\MFCANS32.DLL
2008-11-03 20:42:44 ----A---- C:\WINDOWS\WFXDEL.BAT
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

======List of files/folders modified in the last 3 months======

2008-12-13 08:02:18 ----D---- C:\All Downloads
2008-12-13 08:02:04 ----D---- C:\WINDOWS\Prefetch
2008-12-13 07:57:10 ----D---- C:\Program Files\Mozilla Firefox
2008-12-13 07:56:48 ----D---- C:\WINDOWS\Temp
2008-12-13 07:56:27 ----D---- C:\WINDOWS\Debug
2008-12-13 07:56:08 ----RD---- C:\Program Files
2008-12-13 07:56:08 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 07:56:08 ----D---- C:\WINDOWS\system32
2008-12-13 07:31:15 ----ASH---- C:\WINDOWS\system32\yopalimi.dll
2008-12-13 07:31:15 ----ASH---- C:\WINDOWS\system32\woyadolu.dll
2008-12-13 06:45:46 ----D---- C:\WINDOWS\network diagnostic
2008-12-12 18:25:47 ----D---- C:\WINDOWS
2008-12-12 16:28:21 ----D---- C:\WINDOWS\pss
2008-12-12 16:00:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-12 12:02:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-12 08:32:36 ----A---- C:\WINDOWS\WININIT.INI
2008-12-12 08:25:16 ----D---- C:\Documents and Settings
2008-12-11 14:52:02 ----D---- C:\temp
2008-12-11 11:50:29 ----SD---- C:\WINDOWS\Tasks
2008-12-11 00:06:26 ----ASH---- C:\WINDOWS\system32\yumaluso.dll
2008-12-11 00:06:24 ----ASH---- C:\WINDOWS\system32\gukehere.dll
2008-12-10 23:33:42 ----SHD---- C:\WINDOWS\Installer
2008-12-10 23:33:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-10 23:33:41 ----D---- C:\Config.Msi
2008-12-10 22:51:19 ----D---- C:\Program Files\CCleaner
2008-12-10 22:48:27 ----D---- C:\WINDOWS\tracing
2008-12-08 12:05:25 ----ASH---- C:\WINDOWS\system32\mebokewe.dll
2008-12-08 11:00:06 ----D---- C:\All My Stuff
2008-12-08 08:37:29 ----SD---- C:\Documents and Settings\Mishu\Application Data\Microsoft
2008-12-06 17:29:22 ----D---- C:\WINDOWS\ie7updates
2008-12-06 17:22:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 17:22:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-06 17:22:19 ----D---- C:\Program Files\Internet Explorer
2008-12-06 17:21:15 ----HD---- C:\WINDOWS\inf
2008-12-06 17:21:15 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 17:21:15 ----D---- C:\WINDOWS\system32\en-US
2008-12-06 17:20:36 ----D---- C:\WINDOWS\WinSxS
2008-12-06 17:20:35 ----D---- C:\Program Files\Common Files
2008-12-05 18:15:33 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-12-05 14:32:32 ----D---- C:\Images
2008-12-05 14:30:22 ----D---- C:\WINDOWS\system32\DirectX
2008-12-05 14:28:51 ----D---- C:\Program Files\MSN Messenger
2008-12-05 14:27:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-04 14:51:37 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-04 14:38:18 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-04 14:32:12 ----A---- C:\WINDOWS\win.ini
2008-12-04 14:23:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 14:13:19 ----HD---- C:\WINDOWS\ShellNew
2008-12-04 14:06:24 ----D---- C:\Program Files\MSBuild
2008-12-04 14:05:19 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 14:04:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 14:04:13 ----D---- C:\Program Files\Microsoft Office
2008-12-04 14:03:43 ----D---- C:\Program Files\Microsoft Works
2008-12-04 14:03:40 ----D---- C:\WINDOWS\Help
2008-12-04 13:52:15 ----D---- C:\WINDOWS\Media
2008-12-03 21:49:15 ----D---- C:\Program Files\Common Files\Designer
2008-12-03 20:59:15 ----D---- C:\WINDOWS\system32\config
2008-12-03 15:03:58 ----D---- C:\Program Files\Common Files\Logitech
2008-12-03 15:02:23 ----D---- C:\Program Files\Common Files\Logishrd
2008-12-03 09:36:33 ----D---- C:\Program Files\Windows Media Player
2008-12-03 09:14:27 ----D---- C:\Program Files\Adobe
2008-11-24 08:12:26 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-16 08:05:37 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-16 07:54:40 ----D---- C:\Program Files\lg_fwupdate
2008-11-16 07:54:35 ----A---- C:\WINDOWS\lgfwup.ini
2008-11-16 07:48:54 ----D---- C:\Documents and Settings\Mishu\Application Data\InterTrust
2008-11-15 17:46:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-15 17:45:17 ----D---- C:\Program Files\Common Files\Real
2008-11-11 09:57:25 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-02 13:19:11 ----D---- C:\Program Files\Setup Files
2008-11-01 09:53:40 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-11-01 09:53:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation
2008-11-01 09:50:49 ----D---- C:\Program Files\Google
2008-11-01 09:44:41 ----D---- C:\Program Files\Logitech
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-08 36352]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-13 28672]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-06-05 30556]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 S3G700;S3G700; C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-12-13 794624]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 jbridgep;jbridgep; \??\C:\DOCUME~1\Mishu\LOCALS~1\Temp\jbridgep.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 MSICPL;MSICPL; \??\C:\Documents and Settings\Mishu\install4\MSICPL.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-01 61440]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Office Enterprise 2007\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
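Added example, not part of the thread and not RSIT's own logic: a small Python triage pass over the two RSIT sections above (files created/modified, and drivers). The sample lines are copied from the log; the two heuristics, non-directory entries under system32 that carry both the System and Hidden attributes, and driver services whose image sits outside %SystemRoot% or has no date/size recorded (RSIT could not find the file), are this example's own assumptions about what deserves a second look. The %SystemRoot% path is assumed to be C:\WINDOWS as in the log.

```python
import re

# RSIT "files created/modified" line:  <date> <time> ----<attrs>---- <path>
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -{4}(?P<attrs>[A-Z]*)-{4} (?P<path>.+)$")
# RSIT driver line:  <R|S><start> <name>;<display>; <image> [<date> <size>]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*); (?P<image>.*?) \[(?P<meta>[^\]]*)\]$")

SYSTEMROOT = "c:\\windows\\"                 # assumed, matches the log above
SYSTEM32 = SYSTEMROOT + "system32\\"
OUTSIDE = "image outside %SystemRoot%"
MISSING = "no date/size recorded (file absent on disk)"

# Constructed sample: a subset of lines copied from the RSIT log above.
SAMPLE_FILES = r"""
2008-12-13 07:31:18 ----SH---- C:\WINDOWS\system32\imilapoy.ini
2008-12-10 08:09:31 ----A---- C:\WINDOWS\system32\ivvcvj.dll
2008-12-13 07:31:15 ----ASH---- C:\WINDOWS\system32\woyadolu.dll
2008-12-06 17:22:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-06 17:21:15 ----HD---- C:\WINDOWS\inf
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
"""
SAMPLE_DRIVERS = r"""
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-08 36352]
S2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 jbridgep;jbridgep; \??\C:\DOCUME~1\Mishu\LOCALS~1\Temp\jbridgep.sys []
S3 MSICPL;MSICPL; \??\C:\Documents and Settings\Mishu\install4\MSICPL.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
"""


def parse_files(text):
    """Yield (attrs, path) for every line in RSIT's file-list format."""
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            yield m.group("attrs"), m.group("path")


def suspicious_files(text):
    """Files (not directories) under system32 with both System and Hidden set.
    Legitimate OS files there are normally plain 'A'; S+H on a freshly
    created .dll/.ini is the pattern visible in the log above."""
    hits = []
    for attrs, path in parse_files(text):
        if "D" in attrs:
            continue
        if path.lower().startswith(SYSTEM32) and "S" in attrs and "H" in attrs:
            hits.append(path)
    return hits


def parse_drivers(text):
    """Yield the named groups of every line in RSIT's driver-list format."""
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            yield m.groupdict()


def nt_to_dos(path):
    """Strip the NT object-manager prefix that ImagePath values may carry."""
    return path[4:] if path.startswith("\\??\\") else path


def suspicious_drivers(text):
    """Map driver name -> reasons for services worth a look: image not under
    %SystemRoot% (a user's Temp folder, a removable drive) or no date/size,
    meaning RSIT could not stat the file. Stale entries for uninstalled
    drivers show up here too, so this is a review list, not a verdict."""
    out = {}
    for d in parse_drivers(text):
        reasons = []
        if not nt_to_dos(d["image"]).lower().startswith(SYSTEMROOT):
            reasons.append(OUTSIDE)
        if d["meta"].strip() == "":
            reasons.append(MISSING)
        if reasons:
            out[d["name"]] = reasons
    return out


if __name__ == "__main__":
    for p in suspicious_files(SAMPLE_FILES):
        print("file  ", p)
    for name, why in suspicious_drivers(SAMPLE_DRIVERS).items():
        print("driver", name, "->", "; ".join(why))
```

On the sample this flags imilapoy.ini and woyadolu.dll, and the driver entries jbridgep, MSICPL, GMSIPCI and LBeepKE; the last is flagged only because its file is gone, which is the kind of false positive a reviewer resolves by hand.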

#5 mishuhome (Topic Starter)
Did not find an info file after the RSIT did its thing. Please advise.

#6 mishuhome (Topic Starter)
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-13 08:17:31
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

? nnrk.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2732] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 002D2482 c:\windows\system32\woyadolu.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2732] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 002D2AA1 c:\windows\system32\woyadolu.dll

---- EOF - GMER 1.0.14 ----
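Added example, not GMER's code and not from the original post: what those two "User code sections" lines mean, worked in Python. Each says that the first 5 bytes of an exported function inside firefox.exe (kernel32!ExitProcess, WS2_32!connect) have been overwritten with a relative JMP (opcode E9) whose target lies in woyadolu.dll, i.e. a user-mode inline hook that sees every outbound connect() and every process exit. The code parses the two lines, shows the exact 5 bytes such a hook writes and reads them back, and applies the basic test GMER applies: does the JMP leave the module's own image. The kernel32/WS2_32 base addresses and sizes are assumptions (typical XP SP3 load addresses, not taken from the log); on a live machine you would read them from the process's module list.

```python
import re
import struct

# One GMER "User code sections" line:
#   .text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> <dll>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})\s+(?P<dll>\S+)$")

# Constructed sample: the two lines copied from the GMER log above.
GMER_LINES = r"""
.text C:\Program Files\Mozilla Firefox\firefox.exe[2732] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 002D2482 c:\windows\system32\woyadolu.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2732] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 002D2AA1 c:\windows\system32\woyadolu.dll
"""

# ASSUMED image ranges (base, size): typical XP SP3 load addresses, not from
# the log. On a live system take them from the target process's module list.
MODULES = {"kernel32.dll": (0x7C800000, 0xF6000), "WS2_32.dll": (0x71AB0000, 0x17000)}

# mov edi,edi / push ebp / mov ebp,esp: the 5-byte hot-patchable prologue that
# exported system-DLL functions begin with on XP SP2+. A 5-byte E9 JMP
# overwrites exactly this, hence "5 Bytes JMP" in the report.
HOTPATCH_PROLOGUE = bytes.fromhex("8bff558bec")


def parse_hooks(text):
    """Parse GMER hook lines into dicts with integer addr/target/pid/size."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["addr"], d["target"] = int(d["addr"], 16), int(d["target"], 16)
        d["pid"], d["size"] = int(d["pid"]), int(d["size"])
        hooks.append(d)
    return hooks


def encode_jmp(src, target):
    """The 5 bytes a hooker writes at src: E9 rel32, rel32 = target - (src + 5)."""
    return b"\xe9" + struct.pack("<i", target - (src + 5))


def decode_jmp(src, code):
    """Reverse of encode_jmp: the JMP target if the code at src starts with E9,
    else None (a clean hot-patch prologue starts with 8B FF)."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    rel = struct.unpack("<i", code[1:5])[0]
    return (src + 5 + rel) & 0xFFFFFFFF


def target_outside_module(target, base, size):
    """A prologue JMP that lands outside the module's own image is a hook."""
    return not (base <= target < base + size)


def report(text, modules=MODULES):
    """One row per hook line: (module!export, patch bytes as hex, hooking dll,
    target-outside-module?)."""
    rows = []
    for h in parse_hooks(text):
        base, size = modules[h["mod"]]
        patch = encode_jmp(h["addr"], h["target"])
        rows.append((f'{h["mod"]}!{h["func"]}', patch.hex(), h["dll"],
                     target_outside_module(h["target"], base, size)))
    return rows


if __name__ == "__main__":
    for row in report(GMER_LINES):
        print(row)
```

The first row reproduces the bytes you would see at 7C81CAFA in a memory dump of firefox.exe: e9 83 59 ab 83, and decoding them lands at 002D2482, well below kernel32's image, in the 0x2D0000 region where woyadolu.dll is mapped.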

#7 fenzodahl512 (Malware Removal)
Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\cadkasdeinst01e.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.

NEXT

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    jbridgep
    
    :files
    C:\WINDOWS\tasks\nnhghnha.job
    C:\WINDOWS\system32\fupilito.dll
    C:\WINDOWS\system32\lamisefi.dll
    c:\windows\system32\woyadolu.dll
    C:\WINDOWS\system32\fetezeme.dll
    C:\WINDOWS\system32\imilapoy.ini
    C:\WINDOWS\system32\amomapad.ini
    C:\WINDOWS\system32\ivvcvj.dll
    C:\WINDOWS\system32\ceqtduon.dll
    C:\WINDOWS\system32\jcodbclj.dll
    C:\WINDOWS\system32\e3482071-.txt
    C:\WINDOWS\system32\yopalimi.dll
    C:\WINDOWS\system32\yumaluso.dll
    C:\WINDOWS\system32\gukehere.dll
    C:\WINDOWS\system32\mebokewe.dll
    C:\Documents and Settings\Mishu\Local Settings\temp\jbridgep.sys
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "tibopomisa"=-
    "CPMeb58d793"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tibopomisa]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run RSIT again. Post these logs in your next reply. Post each log in a separate post.

1. VirScan.org result
2. OTMoveIt3
3. RSIT log.txt
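Added example, not OTMoveIt's code and not from the thread: a Python parser for the :reg section of the script above, so the registry side of the fix can be read as a list of actions rather than .reg syntax. Three forms appear in the script: [-key] deletes a key, "name"=- deletes a value, and "name"="text" or "name"=hex(7):.. sets a value. The hex(7) line is a REG_MULTI_SZ, and the one in the script resets LSA "Notification Packages" to the bare XP default, scecli; anything else listed there is a DLL that lsass.exe loads at boot and hands every password change to in clear text, which is why a helper resets it. The function names and the utf-16 detection for regedit-style exports are this example's own; the sample script is copied from the post above.

```python
import re

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Constructed sample: the :reg section copied from the OTMoveIt3 script above.
REG_SCRIPT = r"""
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tibopomisa"=-
"CPMeb58d793"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tibopomisa]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
:commands
[purity]
"""


def decode_hex7(data):
    """REG_MULTI_SZ written as hex(7): comma-separated bytes, one NUL between
    strings and an extra NUL closing the list. The script writes single-byte
    text (73,63,... = 'scecli'); a regedit Unicode export would be UTF-16LE
    (73,00,63,00,...), recognised here by the all-zero high bytes."""
    raw = bytes(int(b, 16) for b in data.split(",") if b)
    if raw and len(raw) % 2 == 0 and not any(raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def parse_reg_section(script):
    """Turn the :reg section into a list of actions:
    delete_key / delete_value / set_value (data is str or, for hex(7), list)."""
    actions, key, in_reg = [], None, False
    for raw_line in script.splitlines():
        line = raw_line.strip()
        if not line:
            continue
        if line.startswith(":"):          # section marker: :processes, :reg, :commands ...
            in_reg = line.lower() == ":reg"
            continue
        if not in_reg:
            continue
        if line.startswith("[-") and line.endswith("]"):
            actions.append({"op": "delete_key", "key": line[2:-1], "name": None, "data": None})
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]               # following values belong to this key
        else:
            m = VALUE_RE.match(line)
            if not m or key is None:
                raise ValueError(f"unrecognised :reg line: {line!r}")
            name, data = m.group("name"), m.group("data")
            if data == "-":
                actions.append({"op": "delete_value", "key": key, "name": name, "data": None})
            elif data.startswith("hex(7):"):
                actions.append({"op": "set_value", "key": key, "name": name, "data": decode_hex7(data[7:])})
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                actions.append({"op": "set_value", "key": key, "name": name, "data": data[1:-1]})
            else:
                raise ValueError(f"unsupported data form: {line!r}")
    return actions


def notification_packages_is_default(actions):
    """True only if the script sets LSA 'Notification Packages' to exactly
    ['scecli'], the XP default. Extra entries are password-filter DLLs that
    lsass.exe loads and must each be accounted for."""
    for a in actions:
        if (a["op"] == "set_value" and a["key"].lower() == LSA_KEY.lower()
                and a["name"].lower() == "notification packages"):
            return a["data"] == ["scecli"]
    return False


if __name__ == "__main__":
    acts = parse_reg_section(REG_SCRIPT)
    for a in acts:
        print(a["op"], a["key"], a["name"], a["data"])
    print("LSA Notification Packages back to default:", notification_packages_is_default(acts))
```

Run on the script above this yields eight actions: two key deletions (the BHO CLSID and the msconfig startupreg entry), four value deletions (two Run entries, SSODL, the SharedTaskScheduler CLSID) and two value sets (AppInit_DLLs back to AVG's avgrsstx.dll, Notification Packages back to scecli). The same decoder is what you would use to read the "hex(7):..." line in the OTMoveIt log that follows.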

#8 mishuhome (Topic Starter)
Scanner results: All Scanners reported not find malware!
Time: 2008/12/13 19:48:52 (PST)

Scanner      | Engine Ver       | Sig Ver           | Sig Date   | Scan result | Time
a-squared    | 4.0.0.28         | 20081214053138    | 2008-12-14 | -           | 3.970
AhnLab V3    | 2008.12.13.02    | 2008.12.13        | 2008-12-13 | -           | 1.236
AntiVir      | 7.9.0.45         | 7.1.0.229         | 2008-12-12 | -           | 1.578
Antiy        | 2.0.18           | 20081212.1836056  | 2008-12-12 | -           | 0.120
Arcavir      | 1.0.5            | 200812121258      | 2008-12-12 | -           | 1.237
Authentium   | 5.1.1            | 200812131030      | 2008-12-13 | -           | 1.080
AVAST!       | 3.0.1            | 081213-0          | 2008-12-13 | -           | 0.753
AVG          | 7.5.52.442       | 270.9.17/1847     | 2008-12-13 | -           | 1.779
BitDefender  | 7.81008.2349957  | 7.22512           | 2008-12-14 | -           | 2.146
CA (VET)     | 9.0.0.143        | 31.6.6258         | 2008-12-12 | -           | 4.121
ClamAV       | 0.94.1           | 8753              | 2008-12-14 | -           | 0.022
Comodo       | 3.0              | 749               | 2008-12-13 | -           | 0.949
CP Secure    | 1.1.0.715        | 2008.12.12        | 2008-12-12 | -           | 6.054
Dr.Web       | 4.44.0.9170      | 2008.12.13        | 2008-12-13 | -           | 3.699
ewido        | 4.0.0.2          | 2008.12.13        | 2008-12-13 | -           | 3.426
F-Prot       | 4.4.4.56         | 20081213          | 2008-12-13 | -           | 1.071
F-Secure     | 5.51.6100        | 2008.12.13.07     | 2008-12-13 | -           | 0.048
Fortinet     | 2.81-3.117       | 9.813             | 2008-12-13 | -           | 0.237
GData        | 19.1901/19.144   | 20081214          | 2008-12-14 | -           | 3.553
Ikarus       | T3.1.01.45       | 2008.12.14.72004  | 2008-12-14 | -           | 4.187
JiangMin     | 11.0.706         | 2008.12.13        | 2008-12-13 | -           | 1.408
Kaspersky    | 5.5.10           | 2008.12.13        | 2008-12-13 | -           | 0.040
KingSoft     | 2008.9.8.18      | 2008.12.12.20     | 2008-12-12 | -           | 0.641
McAfee       | 5.3.00           | 5463              | 2008-12-13 | -           | 2.615
Microsoft    | 1.4205           | 2008.12.13        | 2008-12-13 | -           | 4.519
mks_vir      | 2.01             | 2008.12.14        | 2008-12-14 | -           | 2.719
Norman       | 5.93.01          | 5.93.00           | 2008-12-12 | -           | 5.971
nProtect     | 12-12-2008.00    | 2764376           | 12-12-2008 | -           | 5.872
Panda        | 9.05.01          | 2008.12.13        | 2008-12-13 | -           | 2.477
Quick Heal   | 10.00            | 2008.12.13        | 2008-12-13 | -           | 1.112
Rising       | 20.0             | 21.07.52.00       | 2008-12-13 | -           | 0.773
Sophos       | 2.81.2           | 4.36              | 2008-12-14 | -           | 2.130
Sunbelt      | 4754             | 4754              | 2008-12-10 | -           | 2.621
Symantec     | 1.3.0.24         | 20081213.002      | 2008-12-13 | -           | 0.454
The Hacker   | 6.3.1.2          | v00186            | 2008-12-12 | -           | 0.963
Trend Micro  | 8.700-1004       | 5.708.15          | 2008-12-13 | -           | 0.030
VBA32        | 3.12.8.10        | 20081213.0847     | 2008-12-13 | -           | 1.491
ViRobot      | 20081212         | 2008.12.12        | 2008-12-12 | -           | 1.023
VirusBuster  | 4.5.11.10        | 10.95.6/730338    | 2008-12-13 | -           | 1.018

Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database

#9 mishuhome (Topic Starter)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service jbridgep stopped successfully.
Service jbridgep deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\nnhghnha.job moved successfully.
File/Folder C:\WINDOWS\system32\fupilito.dll not found.
File/Folder C:\WINDOWS\system32\lamisefi.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\woyadolu.dll
c:\windows\system32\woyadolu.dll NOT unregistered.
c:\windows\system32\woyadolu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fetezeme.dll
C:\WINDOWS\system32\fetezeme.dll NOT unregistered.
C:\WINDOWS\system32\fetezeme.dll moved successfully.
C:\WINDOWS\system32\imilapoy.ini moved successfully.
C:\WINDOWS\system32\amomapad.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ivvcvj.dll
C:\WINDOWS\system32\ivvcvj.dll NOT unregistered.
C:\WINDOWS\system32\ivvcvj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ceqtduon.dll
C:\WINDOWS\system32\ceqtduon.dll NOT unregistered.
C:\WINDOWS\system32\ceqtduon.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jcodbclj.dll
C:\WINDOWS\system32\jcodbclj.dll NOT unregistered.
C:\WINDOWS\system32\jcodbclj.dll moved successfully.
C:\WINDOWS\system32\e3482071-.txt moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yopalimi.dll
C:\WINDOWS\system32\yopalimi.dll NOT unregistered.
C:\WINDOWS\system32\yopalimi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yumaluso.dll
C:\WINDOWS\system32\yumaluso.dll NOT unregistered.
C:\WINDOWS\system32\yumaluso.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gukehere.dll
C:\WINDOWS\system32\gukehere.dll NOT unregistered.
C:\WINDOWS\system32\gukehere.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mebokewe.dll
C:\WINDOWS\system32\mebokewe.dll NOT unregistered.
C:\WINDOWS\system32\mebokewe.dll moved successfully.
File/Folder C:\Documents and Settings\Mishu\Local Settings\temp\jbridgep.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tibopomisa deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPMeb58d793 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tibopomisa\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mishu\LOCALS~1\Temp\ClamWin1.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mishu\LOCALS~1\Temp\etilqs_KOaJULHJnBQBFw8mZvbo scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_195724

Files moved on Reboot...
C:\DOCUME~1\Mishu\LOCALS~1\Temp\ClamWin1.log moved successfully.
File C:\DOCUME~1\Mishu\LOCALS~1\Temp\etilqs_KOaJULHJnBQBFw8mZvbo not found!
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\XUL.mfl moved successfully.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service jbridgep stopped successfully.
Service jbridgep deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\nnhghnha.job moved successfully.
File/Folder C:\WINDOWS\system32\fupilito.dll not found.
File/Folder C:\WINDOWS\system32\lamisefi.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\woyadolu.dll
c:\windows\system32\woyadolu.dll NOT unregistered.
c:\windows\system32\woyadolu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fetezeme.dll
C:\WINDOWS\system32\fetezeme.dll NOT unregistered.
C:\WINDOWS\system32\fetezeme.dll moved successfully.
C:\WINDOWS\system32\imilapoy.ini moved successfully.
C:\WINDOWS\system32\amomapad.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ivvcvj.dll
C:\WINDOWS\system32\ivvcvj.dll NOT unregistered.
C:\WINDOWS\system32\ivvcvj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ceqtduon.dll
C:\WINDOWS\system32\ceqtduon.dll NOT unregistered.
C:\WINDOWS\system32\ceqtduon.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jcodbclj.dll
C:\WINDOWS\system32\jcodbclj.dll NOT unregistered.
C:\WINDOWS\system32\jcodbclj.dll moved successfully.
C:\WINDOWS\system32\e3482071-.txt moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yopalimi.dll
C:\WINDOWS\system32\yopalimi.dll NOT unregistered.
C:\WINDOWS\system32\yopalimi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yumaluso.dll
C:\WINDOWS\system32\yumaluso.dll NOT unregistered.
C:\WINDOWS\system32\yumaluso.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gukehere.dll
C:\WINDOWS\system32\gukehere.dll NOT unregistered.
C:\WINDOWS\system32\gukehere.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mebokewe.dll
C:\WINDOWS\system32\mebokewe.dll NOT unregistered.
C:\WINDOWS\system32\mebokewe.dll moved successfully.
File/Folder C:\Documents and Settings\Mishu\Local Settings\temp\jbridgep.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tibopomisa deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPMeb58d793 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tibopomisa\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mishu\LOCALS~1\Temp\ClamWin1.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mishu\LOCALS~1\Temp\etilqs_KOaJULHJnBQBFw8mZvbo scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_195724

Files moved on Reboot...
C:\DOCUME~1\Mishu\LOCALS~1\Temp\ClamWin1.log moved successfully.
File C:\DOCUME~1\Mishu\LOCALS~1\Temp\etilqs_KOaJULHJnBQBFw8mZvbo not found!
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\XUL.mfl moved successfully.
#10
mishuhome
  • Topic Starter
  • Member
  • 17 posts
Logfile of random's system information tool 1.04 (written by random/random)
Run by Mishu at 2008-12-13 20:05:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 60 GB (77%) free of 79 GB
Total RAM: 1982 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:16 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mishu\Desktop\RSIT.exe
C:\Program Files\trend micro\Mishu.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26B454CA-084A-4F0A-BCB9-CA4CB63F1E9C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {fd5beef0-6cef-458b-ab65-ba499e760e73} - C:\WINDOWS\system32\fupilito.dll (file missing)
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SpywareBot] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CPMeb58d793] Rundll32.exe "c:\windows\system32\vufulowe.dll",a
O4 - HKLM\..\Run: [tibopomisa] Rundll32.exe "C:\WINDOWS\system32\lamisefi.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175003273562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Typer%20Shark/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office Enterprise 2007\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll c:\windows\system32\vufulowe.dll,C:\WINDOWS\system32\fetezeme.dll c:\windows\system32\woyadolu.dll c:\windows\system32\gukehere.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vufulowe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vufulowe.dll
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 5924 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B454CA-084A-4F0A-BCB9-CA4CB63F1E9C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73}]
C:\WINDOWS\system32\fupilito.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-11-09 86016]
"SpywareBot"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"CPMeb58d793"=c:\windows\system32\vufulowe.dll [2008-12-13 91934]
"tibopomisa"=C:\WINDOWS\system32\lamisefi.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-04-03 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^RAMIdle.lnk]
C:\Tweaks\CUSTOM~1\RAMIdle.exe [2001-09-27 160256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mishu^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll c:\windows\system32\vufulowe.dll,C:\WINDOWS\system32\fetezeme.dll c:\windows\system32\woyadolu.dll c:\windows\system32\gukehere.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vufulowe.dll [2008-12-13 91934]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vufulowe.dll [2008-12-13 91934]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Office Enterprise 2007\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\fetezeme.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
"NoToolbarCustomize"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ovis\bin\OvisPdf-Office.exe"="C:\Program Files\Ovis\bin\OvisPdf-Office.exe:*:Disabled:OvisPdf-Office"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\id Software\Quake 4\Quake4Ded.exe"="C:\Program Files\id Software\Quake 4\Quake4Ded.exe:*:Disabled:Quake 4"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Disabled:quake3"
"C:\Program Files\Tremulous\tremulous.exe"="C:\Program Files\Tremulous\tremulous.exe:*:Disabled:tremulous"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Shaw Messenger\bin\SMC.exe"="C:\Program Files\Shaw Messenger\bin\SMC.exe:*:Enabled:Shaw Messenger"
"C:\Program Files\Shareaza.exe"="C:\Program Files\Shareaza.exe:*:Enabled:Shareaza"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Office Enterprise 2007\Office12\OUTLOOK.EXE"="C:\Office Enterprise 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Office Enterprise 2007\Office12\GROOVE.EXE"="C:\Office Enterprise 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Office Enterprise 2007\Office12\ONENOTE.EXE"="C:\Office Enterprise 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"="C:\Program Files\Microsoft IntelliType Pro\itype.exe:*:Enabled:itype"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\ClamWin\bin\ClamTray.exe"="C:\Program Files\ClamWin\bin\ClamTray.exe:*:Enabled:ClamTray"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-12-13 20:03:46 ----D---- C:\WINDOWS\LastGood
2008-12-13 19:57:24 ----D---- C:\_OTMoveIt
2008-12-13 19:31:18 ----SH---- C:\WINDOWS\system32\oheroyod.ini
2008-12-13 08:06:53 ----A---- C:\WINDOWS\gmer.ini
2008-12-13 08:06:51 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-13 08:06:51 ----A---- C:\WINDOWS\gmer.exe
2008-12-13 08:06:51 ----A---- C:\WINDOWS\gmer.dll
2008-12-12 18:25:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 16:26:50 ----D---- C:\WINDOWS\ERDNT
2008-12-12 16:26:49 ----D---- C:\Documents and Settings\Mishu\Application Data\Sony Ericsson
2008-12-12 16:08:06 ----D---- C:\Program Files\ERUNT
2008-12-12 15:29:07 ----D---- C:\Documents and Settings\Mishu\Application Data\Malwarebytes
2008-12-12 15:29:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-12 15:28:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 12:22:05 ----D---- C:\My Downloads
2008-12-12 12:22:05 ----D---- C:\Documents and Settings\Mishu\Application Data\Shareaza
2008-12-12 12:09:08 ----D---- C:\Program Files\trend micro
2008-12-12 12:08:46 ----A---- C:\log.txt
2008-12-12 12:07:37 ----D---- C:\rsit
2008-12-12 08:55:24 ----D---- C:\Documents and Settings\Mishu\Application Data\skypePM
2008-12-10 23:35:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-10 23:35:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-10 23:25:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-08 08:17:30 ----D---- C:\WINDOWS\system32\Abdio
2008-12-08 07:56:27 ----D---- C:\Documents and Settings\Mishu\Application Data\.clamwin
2008-12-08 07:56:16 ----D---- C:\Program Files\ClamWin
2008-12-05 21:26:29 ----D---- C:\Program Files\PDF Editor 2
2008-12-05 21:26:29 ----A---- C:\WINDOWS\cadkasdeinst01e.exe
2008-12-05 14:35:41 ----D---- C:\Documents and Settings\Mishu\Application Data\Skype
2008-12-05 14:35:24 ----D---- C:\Program Files\Skype
2008-12-05 14:35:24 ----D---- C:\Program Files\Common Files\Skype
2008-12-05 14:35:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-12-05 14:29:26 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-05 14:25:08 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-05 14:25:01 ----D---- C:\Program Files\Windows Live
2008-12-05 14:24:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-04 14:22:35 ----D---- C:\Program Files\Windows Desktop Search
2008-12-04 14:22:34 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-12-04 12:02:01 ----HD---- C:\$AVG8.VAULT$
2008-12-03 20:59:34 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-12-03 20:55:13 ----D---- C:\Office Enterprise 2007
2008-12-03 20:24:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-12-03 15:52:30 ----D---- C:\Program Files\Foxit PDF Creator
2008-12-03 15:31:42 ----N---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-12-03 15:31:29 ----D---- C:\Program Files\AVG
2008-12-03 15:31:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-12-03 10:22:53 ----D---- C:\Program Files\Foxit Software
2008-12-03 09:31:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\pdf995
2008-12-03 09:31:12 ----A---- C:\WINDOWS\system32\pdfmona.dll
2008-12-03 09:31:12 ----A---- C:\WINDOWS\system32\pdf995mon.dll
2008-12-03 09:28:22 ----D---- C:\Documents and Settings\Mishu\Application Data\eXPert PDF Reader
2008-12-03 09:18:17 ----D---- C:\Documents and Settings\Mishu\Application Data\Foxit
2008-12-03 09:02:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
2008-12-01 08:42:43 ----D---- C:\Documents and Settings\Mishu\Application Data\Creative
2008-12-01 08:38:25 ----N---- C:\WINDOWS\Ctregrun.exe
2008-12-01 08:35:24 ----N---- C:\WINDOWS\system32\msxml3a.dll
2008-12-01 08:33:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative
2008-12-01 08:33:08 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
2008-12-01 08:32:21 ----D---- C:\Program Files\Creative
2008-12-01 08:32:13 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
2008-11-21 06:39:23 ----A---- C:\WINDOWS\system32\dzip32.dll
2008-11-21 06:39:23 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-11-21 06:39:11 ----D---- C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-11-20 08:23:23 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-20 08:09:56 ----D---- C:\Documents and Settings\Mishu\Application Data\Real
2008-11-12 07:57:55 ----D---- C:\Dhamma Talks
2008-11-03 20:42:51 ----A---- C:\WINDOWS\system32\MFCANS32.DLL
2008-11-03 20:42:44 ----A---- C:\WINDOWS\WFXDEL.BAT
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

======List of files/folders modified in the last 3 months======

2008-12-13 20:04:52 ----HD---- C:\WINDOWS\inf
2008-12-13 20:04:52 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-13 20:04:52 ----D---- C:\WINDOWS
2008-12-13 20:04:51 ----D---- C:\WINDOWS\system32
2008-12-13 20:04:08 ----D---- C:\WINDOWS\Prefetch
2008-12-13 20:04:04 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 20:03:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 20:01:23 ----D---- C:\Program Files\Mozilla Firefox
2008-12-13 20:00:50 ----D---- C:\WINDOWS\Temp
2008-12-13 19:59:15 ----D---- C:\WINDOWS\Debug
2008-12-13 19:57:24 ----SD---- C:\WINDOWS\Tasks
2008-12-13 19:31:16 ----ASH---- C:\WINDOWS\system32\vufulowe.dll
2008-12-13 19:31:15 ----ASH---- C:\WINDOWS\system32\doyoreho.dll
2008-12-13 08:04:31 ----D---- C:\All Downloads
2008-12-13 07:56:08 ----RD---- C:\Program Files
2008-12-13 06:45:46 ----D---- C:\WINDOWS\network diagnostic
2008-12-12 16:28:21 ----D---- C:\WINDOWS\pss
2008-12-12 12:02:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-12 08:32:36 ----A---- C:\WINDOWS\WININIT.INI
2008-12-12 08:25:16 ----D---- C:\Documents and Settings
2008-12-11 14:52:02 ----D---- C:\temp
2008-12-10 23:33:42 ----SHD---- C:\WINDOWS\Installer
2008-12-10 23:33:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-10 23:33:41 ----D---- C:\Config.Msi
2008-12-10 22:51:19 ----D---- C:\Program Files\CCleaner
2008-12-10 22:48:27 ----D---- C:\WINDOWS\tracing
2008-12-08 11:00:06 ----D---- C:\All My Stuff
2008-12-08 08:37:29 ----SD---- C:\Documents and Settings\Mishu\Application Data\Microsoft
2008-12-06 17:29:22 ----D---- C:\WINDOWS\ie7updates
2008-12-06 17:22:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 17:22:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-06 17:22:19 ----D---- C:\Program Files\Internet Explorer
2008-12-06 17:21:15 ----D---- C:\WINDOWS\system32\wbem
2008-12-06 17:21:15 ----D---- C:\WINDOWS\system32\en-US
2008-12-06 17:20:36 ----D---- C:\WINDOWS\WinSxS
2008-12-06 17:20:35 ----D---- C:\Program Files\Common Files
2008-12-05 18:15:33 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-12-05 14:32:32 ----D---- C:\Images
2008-12-05 14:30:22 ----D---- C:\WINDOWS\system32\DirectX
2008-12-05 14:28:51 ----D---- C:\Program Files\MSN Messenger
2008-12-05 14:27:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-04 14:51:37 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-04 14:32:12 ----A---- C:\WINDOWS\win.ini
2008-12-04 14:23:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 14:13:19 ----HD---- C:\WINDOWS\ShellNew
2008-12-04 14:06:24 ----D---- C:\Program Files\MSBuild
2008-12-04 14:05:19 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 14:04:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 14:04:13 ----D---- C:\Program Files\Microsoft Office
2008-12-04 14:03:43 ----D---- C:\Program Files\Microsoft Works
2008-12-04 14:03:40 ----D---- C:\WINDOWS\Help
2008-12-04 13:52:15 ----D---- C:\WINDOWS\Media
2008-12-03 21:49:15 ----D---- C:\Program Files\Common Files\Designer
2008-12-03 20:59:15 ----D---- C:\WINDOWS\system32\config
2008-12-03 15:03:58 ----D---- C:\Program Files\Common Files\Logitech
2008-12-03 15:02:23 ----D---- C:\Program Files\Common Files\Logishrd
2008-12-03 09:36:33 ----D---- C:\Program Files\Windows Media Player
2008-12-03 09:14:27 ----D---- C:\Program Files\Adobe
2008-11-24 08:12:26 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-16 08:05:37 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-16 07:54:40 ----D---- C:\Program Files\lg_fwupdate
2008-11-16 07:54:35 ----A---- C:\WINDOWS\lgfwup.ini
2008-11-16 07:48:54 ----D---- C:\Documents and Settings\Mishu\Application Data\InterTrust
2008-11-15 17:46:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-15 17:45:17 ----D---- C:\Program Files\Common Files\Real
2008-11-11 09:57:25 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-02 13:19:11 ----D---- C:\Program Files\Setup Files
2008-11-01 09:53:40 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-11-01 09:53:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation
2008-11-01 09:50:49 ----D---- C:\Program Files\Google
2008-11-01 09:44:41 ----D---- C:\Program Files\Logitech
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-08 36352]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-13 28672]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-06-05 30556]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 S3G700;S3G700; C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-12-13 794624]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-13 85969]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 MSICPL;MSICPL; \??\C:\Documents and Settings\Mishu\install4\MSICPL.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-01 61440]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Office Enterprise 2007\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
#11
mishuhome
  • Topic Starter
  • Member
  • 17 posts
Those 2 buggers are still in there. Man, they are bad.

#12
fenzodahl512
  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
double posted :)

Edited by fenzodahl512, 13 December 2008 - 11:31 PM.

  • 0

#14
mishuhome

mishuhome

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here are my logs
Thanks for the update on your schedule. If we cannot fix this thing today I will await your return.
Michele

ComboFix 08-12-14.01 - Mishu 2008-12-14 9:55:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1982.1476 [GMT -8:00]
Running from: c:\documents and settings\Mishu\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\program files\autorun.inf
c:\windows\system32\doyoreho.dll
c:\windows\system32\oheroyod.ini
c:\windows\system32\vufulowe.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-13 19:57 . 2008-12-13 19:57 <DIR> d-------- C:\_OTMoveIt
2008-12-13 08:06 . 2008-12-13 08:18 250 --a------ c:\windows\gmer.ini
2008-12-12 16:26 . 2008-12-12 16:26 <DIR> d-------- c:\documents and settings\Mishu\Application Data\Sony Ericsson
2008-12-12 16:08 . 2008-12-12 16:28 <DIR> d-------- c:\program files\ERUNT
2008-12-12 15:29 . 2008-12-12 15:29 <DIR> d-------- c:\documents and settings\Mishu\Application Data\Malwarebytes
2008-12-12 15:29 . 2008-12-12 15:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-12 15:29 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 15:29 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-12 15:28 . 2008-12-12 15:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-12 12:22 . 2008-12-12 12:22 <DIR> d-------- C:\My Downloads
2008-12-12 12:22 . 2008-12-12 12:22 <DIR> d-------- c:\documents and settings\Mishu\Application Data\Shareaza
2008-12-12 12:12 . 2008-12-12 12:12 105,178,088 --a------ C:\Backup Reg dec12.reg
2008-12-12 12:09 . 2008-12-13 20:05 <DIR> d-------- c:\program files\trend micro
2008-12-12 12:07 . 2008-12-12 12:07 <DIR> d-------- C:\rsit
2008-12-12 08:55 . 2008-12-14 08:00 <DIR> d-------- c:\documents and settings\Mishu\Application Data\skypePM
2008-12-10 23:35 . 2008-12-10 23:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-10 23:35 . 2008-12-12 18:23 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-12-10 23:25 . 2008-12-10 23:33 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-08 08:18 . 2008-12-08 08:18 16 --a------ c:\windows\system32\W7409A4F3e86be2F2.bin
2008-12-08 08:17 . 2008-12-08 10:20 <DIR> d-------- c:\windows\system32\Abdio
2008-12-08 07:56 . 2008-12-08 07:56 <DIR> d-------- c:\program files\ClamWin
2008-12-08 07:56 . 2008-12-08 07:56 <DIR> d-------- c:\documents and settings\Mishu\Application Data\.clamwin
2008-12-08 07:56 . 2008-12-08 07:56 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\.clamwin
2008-12-05 21:26 . 2008-12-11 14:33 <DIR> d-------- c:\program files\PDF Editor 2
2008-12-05 21:26 . 2008-12-08 11:03 74,752 --a------ c:\windows\cadkasdeinst01e.exe
2008-12-05 14:54 . 2008-12-05 14:54 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-05 14:35 . 2008-12-05 14:35 <DIR> d-------- c:\program files\Skype
2008-12-05 14:35 . 2008-12-05 14:35 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-05 14:35 . 2008-12-14 09:49 <DIR> d-------- c:\documents and settings\Mishu\Application Data\Skype
2008-12-05 14:35 . 2008-12-05 14:35 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2008-12-05 14:29 . 2008-12-05 14:29 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-05 14:29 . 2008-12-05 14:29 <DIR> d-------- c:\documents and settings\Mishu\Contacts
2008-12-05 14:25 . 2008-12-06 17:21 <DIR> d-------- c:\program files\Windows Live
2008-12-05 14:25 . 2008-12-05 14:27 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-05 14:24 . 2008-12-05 14:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-05 06:56 . 2008-12-05 06:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-05 06:56 . 2008-12-05 06:56 1,409 --a------ c:\windows\QTFont.for
2008-12-04 14:22 . 2008-12-04 14:22 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-04 14:22 . 2008-12-06 17:29 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-04 14:17 . 2008-03-07 09:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-04 14:17 . 2008-03-07 09:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-04 14:17 . 2008-03-07 09:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-04 12:02 . 2008-12-07 14:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-03 20:59 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-03 20:55 . 2008-12-04 14:06 <DIR> d-------- C:\Office Enterprise 2007
2008-12-03 20:45 . 2008-12-03 20:45 <DIR> d-------- c:\documents and settings\Office Enterprise 2007
2008-12-03 20:24 . 2008-12-08 08:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-12-03 17:12 . 2008-12-05 11:09 0 --a------ c:\windows\system32\FOXIT_PDF
2008-12-03 15:52 . 2008-12-03 18:04 <DIR> d-------- c:\program files\Foxit PDF Creator
2008-12-03 15:31 . 2008-12-03 15:31 <DIR> d-------- c:\program files\AVG
2008-12-03 15:31 . 2008-12-08 08:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2008-12-03 15:31 . 2008-12-03 15:31 10,520 --------- c:\windows\system32\avgrsstx.dll.install_backup
2008-12-03 10:22 . 2008-12-05 18:53 <DIR> d-------- c:\program files\Foxit Software
2008-12-03 09:31 . 2008-12-03 09:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\pdf995
2008-12-03 09:31 . 2008-12-03 09:31 249,856 --a------ c:\windows\system32\pdfmona.dll
2008-12-03 09:31 . 2008-12-03 09:31 51,716 --a------ c:\windows\system32\pdf995mon.dll
2008-12-03 09:31 . 2008-12-03 09:31 25 --a------ c:\windows\wpd99.drv
2008-12-03 09:28 . 2008-12-03 09:28 <DIR> d-------- c:\documents and settings\Mishu\Application Data\eXPert PDF Reader
2008-12-03 09:18 . 2008-12-03 09:18 <DIR> d-------- c:\documents and settings\Mishu\Application Data\Foxit
2008-12-03 09:02 . 2008-12-03 09:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ScanSoft
2008-12-01 08:42 . 2008-12-01 08:44 <DIR> d-------- c:\documents and settings\Mishu\Application Data\Creative
2008-12-01 08:38 . 2006-10-05 22:17 53,248 --------- c:\windows\Ctregrun.exe
2008-12-01 08:35 . 2001-08-17 22:43 24,576 --------- c:\windows\system32\msxml3a.dll
2008-12-01 08:33 . 2008-12-01 08:38 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Creative
2008-12-01 08:33 . 2008-12-01 08:33 <DIR> d--h----- c:\documents and settings\All Users.WINDOWS\Application Data\{C39CADE8-EC32-4A3E-ADF3-99FB5B7A317D}
2008-12-01 08:32 . 2008-12-01 08:38 <DIR> d-------- c:\program files\Creative
2008-12-01 08:32 . 2008-12-04 14:51 <DIR> d--h----- c:\documents and settings\All Users.WINDOWS\Application Data\{90F3B5EB-A471-42F9-A905-991C2DB2312C}
2008-11-21 06:39 . 2008-11-21 06:39 <DIR> d-------- c:\program files\Windows Media Bonus Pack for Windows XP
2008-11-21 06:39 . 2001-11-30 19:05 131,072 --a------ c:\windows\system32\dzip32.dll
2008-11-21 06:39 . 2001-11-30 19:05 110,592 --a------ c:\windows\system32\dunzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 07:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-11 06:51 --------- d-----w c:\program files\CCleaner
2008-12-05 22:28 --------- d-----w c:\program files\MSN Messenger
2008-12-04 22:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-04 22:06 --------- d-----w c:\program files\MSBuild
2008-12-04 22:03 --------- d-----w c:\program files\Microsoft Works
2008-12-03 23:03 --------- d-----w c:\program files\Common Files\Logitech
2008-12-03 23:02 --------- d-----w c:\program files\Common Files\Logishrd
2008-11-16 16:05 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-16 15:54 --------- d-----w c:\program files\lg_fwupdate
2008-11-16 15:48 --------- d-----w c:\documents and settings\Mishu\Application Data\InterTrust
2008-11-16 01:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-16 01:45 --------- d-----w c:\program files\Common Files\Real
2008-11-02 21:19 --------- d-----w c:\program files\Setup Files
2008-11-01 17:53 --------- d-----w c:\program files\Microsoft Windows Vista Upgrade Advisor
2008-11-01 17:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Corporation
2008-11-01 17:50 --------- d-----w c:\program files\Google
2008-11-01 17:44 --------- d-----w c:\program files\Logitech
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-04-20 19:08 198 ----a-w c:\program files\WMHelper.log
2008-01-01 18:10 378,304 ----a-w c:\program files\ResourcesLOC.dll
2008-01-01 18:10 271,808 ----a-w c:\program files\PortableMediaDeviceWrapper.dll
2008-01-01 18:10 154,560 ----a-w c:\program files\UninstallSurvey.exe
2008-01-01 18:09 99,776 ----a-w c:\program files\IMWebControl.dll
2008-01-01 18:09 102,848 ----a-w c:\program files\DiscoveryHelper.dll
2008-01-01 17:53 90,112 ----a-w c:\program files\Launcher.exe
2007-12-11 19:20 110,592 ----a-w c:\program files\lic_helper.dll
2007-08-13 01:34 154 ----a-w c:\program files\FixAudioDriverSignature.reg
2007-05-14 23:16 503,808 ----a-w c:\program files\msvcp71.dll
2007-05-14 23:16 348,160 ----a-w c:\program files\msvcr71.dll
2007-05-14 01:08 995,328 ----a-w c:\program files\NCTAudioCDGrabber2.dll
2007-05-14 01:08 815,104 ----a-w c:\program files\NCTDataCDWriter2.dll
2007-05-14 01:08 815,104 ----a-w c:\program files\NCTAudioFile3.dll
2007-05-14 01:08 815,104 ----a-w c:\program files\NCTAudioCDWriter2.dll
2007-05-14 01:08 258,048 ----a-w c:\program files\NCTAudioFileWMA3.dll
2007-05-14 01:08 2,781,184 ----a-w c:\program files\NCTAudioCompress3.dll
2007-05-14 01:08 106,496 ----a-w c:\program files\NCTAudioFormatSettings3.dll
2007-05-02 00:04 69,632 ----a-w c:\program files\UpdateInst.exe
2007-04-12 21:33 540,654 ----a-w c:\program files\Key Code.bmp
2007-03-25 11:00 146,432 ----a-w c:\program files\GIFAnimator.dll
2006-11-16 11:00 8,286 ----a-w c:\program files\WMAProfiles.prx
2006-11-12 18:39 315,392 ----a-w c:\program files\WMHelper.dll
2006-11-12 18:39 24,576 ----a-w c:\program files\FFPage.exe
2006-11-12 18:39 237,568 ----a-w c:\program files\lame_enc.dll
2006-11-12 18:39 121,504 ----a-w c:\program files\Shw32.dll
2004-10-01 23:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2002-07-27 00:02 153,088 ----a-w c:\program files\UNWISE.EXE
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-06-09 15:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008060920080610\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-11-09 86016]
"SpywareBot"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^RAMIdle.lnk]
backup=c:\windows\pss\RAMIdle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mishu^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Mishu\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-04-03 08:00 644696 c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Office Enterprise 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Office Enterprise 2007\\Office12\\GROOVE.EXE"=
"c:\\Office Enterprise 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=
"c:\\Program Files\\ClamWin\\bin\\ClamTray.exe"=
"c:\\WINDOWS\\system32\\services.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza
"6347:TCP"= 6347:TCP:UDP
"43649:TCP"= 43649:TCP:emule
"52316:UDP"= 52316:UDP:eMule

R3 S3G700;S3G700;c:\windows\system32\DRIVERS\S3G700m.sys [2007-03-25 794624]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys []
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2007-03-29 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2007-03-29 85696]
.
Contents of the 'Scheduled Tasks' folder

2007-07-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 16:08]

2008-12-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-06-07 08:49]

2008-12-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-06-07 08:49]
.
- - - - ORPHANS REMOVED - - - -

BHO-{26B454CA-084A-4F0A-BCB9-CA4CB63F1E9C} - (no file)
BHO-{fd5beef0-6cef-458b-ab65-ba499e760e73} - c:\windows\system32\fupilito.dll
HKLM-Run-tibopomisa - c:\windows\system32\lamisefi.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbc.ca/
IE: &Winamp Search
IE: E&xport to Microsoft Excel - c:\office~1\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/Typer%20Shark/Images/armhelper.ocx
FF - ProfilePath - c:\documents and settings\Mishu\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - cbc.ca
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 09:58:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\ginamsi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-14 10:00:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-14 18:00:34

Pre-Run: 62,796,378,112 bytes free
Post-Run: 62,714,548,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

256 --- E O F --- 2008-12-14 04:08:28
  • 0

#15
mishuhome

mishuhome

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Fresh HijackThis:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service jbridgep .
========== FILES ==========
File/Folder C:\WINDOWS\tasks\nnhghnha.job not found.
File/Folder C:\WINDOWS\system32\fupilito.dll not found.
File/Folder C:\WINDOWS\system32\lamisefi.dll not found.
File/Folder c:\windows\system32\woyadolu.dll not found.
File/Folder C:\WINDOWS\system32\fetezeme.dll not found.
File/Folder C:\WINDOWS\system32\imilapoy.ini not found.
File/Folder C:\WINDOWS\system32\amomapad.ini not found.
File/Folder C:\WINDOWS\system32\ivvcvj.dll not found.
File/Folder C:\WINDOWS\system32\ceqtduon.dll not found.
File/Folder C:\WINDOWS\system32\jcodbclj.dll not found.
File/Folder C:\WINDOWS\system32\e3482071-.txt not found.
File/Folder C:\WINDOWS\system32\yopalimi.dll not found.
File/Folder C:\WINDOWS\system32\yumaluso.dll not found.
File/Folder C:\WINDOWS\system32\gukehere.dll not found.
File/Folder C:\WINDOWS\system32\mebokewe.dll not found.
File/Folder C:\Documents and Settings\Mishu\Local Settings\temp\jbridgep.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd5beef0-6cef-458b-ab65-ba499e760e73}\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tibopomisa deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPMeb58d793 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tibopomisa\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mishu\LOCALS~1\Temp\ClamWin1.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mishu\LOCALS~1\Temp\etilqs_YAOZXiOb3eMv3AmIk8My scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_130141

Files moved on Reboot...
C:\DOCUME~1\Mishu\LOCALS~1\Temp\ClamWin1.log moved successfully.
File C:\DOCUME~1\Mishu\LOCALS~1\Temp\etilqs_YAOZXiOb3eMv3AmIk8My not found!
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mishu\Local Settings\Application Data\Mozilla\Firefox\Profiles\px782s8g.default\XUL.mfl moved successfully.
  • 0