
Virtumonde, Vundo, Microsoft Windows Security Center Firewall BayPass



#1 mygrandmasaysimkool (New Member, 9 posts)

I have a bunch of malware on my computer. I noticed it because I was getting pop-ups saying I have a virus, and would get another pop-up directing me to a website to download antivirus software.

I've scanned with Spybot and will get:

MicrosoftWindowsSecurityCenter.FirewallByPass
Virtumonde

I then scanned with Malwarebytes, as requested in the thread I read, "You Must Read Before Posting HijackThis Log", where I followed the directions. I can provide the Malwarebytes scan if needed.

I restarted my computer. Did an AVG scan, which found nothing. I scanned again using Spybot and the same two things came up. I then did another Malwarebytes scan (this time a full system scan) and the same things came up (I can provide a log if needed). I then did a HijackThis log.

I'm not very good with technical computer stuff, so for anyone who does help, try to be very precise with instructions.

Thanks in advance!

My HiJackThis Log:

---------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15:55, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Documents and Settings\Owner\My Documents\Programs\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\My Documents\Programs\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1226985509546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1226986708515
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\vetaweyo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 7908 bytes

---------------------------------------------------------------------------------------------------------------------------

My Uninstall List from HijackThis (I read on a thread that it is beneficial to have):

----------------------------------------------------------------------------------------------------------------------------

Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Bonjour
Compaq Connections
Five Card Frenzy from Compaq (remove only)
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox (3.0.5)
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SoulSeek 157 NS 13c
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows XP Service Pack 3

Edited by mygrandmasaysimkool, 24 December 2008 - 10:36 AM.

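Added illustration (not part of the thread, and not a Geeks to Go, Spybot or HijackThis tool): a small Python script that parses lines in HijackThis log format and applies a few review rules of the kind a helper applies by eye when reading a log like the one above. The sample lines are constructed for the example and only modelled on the entry types posted here; the severity rules (every O15 Trusted Zone entry and every O20 AppInit_DLLs entry gets reviewed, an O2 BHO with "(no file)" is a leftover) are the editor's assumptions, not HijackThis's own classification.

```python
import re
from dataclasses import dataclass
from collections import Counter

# Constructed sample in HijackThis log format (assembled for this example and
# modelled on the entry types in the thread, not copied from a live machine).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\system32\vetaweyo.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# One HijackThis entry: a section code (R0, O2, O15, ...), " - ", then the body.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
DOMAIN_RE = re.compile(r"\*\.([A-Za-z0-9.-]+)")


@dataclass
class Finding:
    section: str
    severity: str  # "high" or "info"
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every entry line; skip everything else."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def triage(log_text):
    """Apply simple review rules (assumed here, not HijackThis's own) to a log."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if section == "O15" and body.startswith("Trusted Zone:"):
            # The IE Trusted Zone is empty on a clean XP install, and a site placed
            # in it runs with relaxed security settings, so every entry is reviewed.
            findings.append(Finding(section, "high",
                                    "Trusted Zone entry relaxes IE security for this domain", raw))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that links user32.dll;
            # legitimate use on a home PC is rare, so the named DLL needs checking.
            findings.append(Finding(section, "high",
                                    "AppInit_DLLs loads this DLL into every GUI process", raw))
        elif section == "O2" and body.endswith("(no file)"):
            # A BHO registration whose file is gone: a leftover, not active code.
            findings.append(Finding(section, "info",
                                    "orphaned BHO registration (file missing)", raw))
    return findings


def trusted_zone_domains(log_text):
    """Set of domains added to the Trusted Zone, merging the HKCU and HKLM copies."""
    domains = set()
    for section, body, _ in parse_entries(log_text):
        if section == "O15":
            m = DOMAIN_RE.search(body)
            if m:
                domains.add(m.group(1).lower())
    return domains


def count_by_severity(findings):
    """Map severity -> number of findings, e.g. {'high': 3, 'info': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<4}] {f.section}: {f.reason}")
        print(f"       {f.line}")
    print("Trusted Zone domains:", sorted(trusted_zone_domains(SAMPLE_LOG)))
```

Run it as-is to see the rules applied to the sample, or replace SAMPLE_LOG with the text of a saved log. The rules are deliberately conservative: they flag items for a human to check rather than declaring anything malicious, which is also why the HKCU and HKLM copies of a Trusted Zone entry are merged into one domain list before a reviewer looks at it.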


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Hello mygrandmasaysimkool

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#3 mygrandmasaysimkool (Topic Starter, New Member, 9 posts)

The log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2008-12-24 15:09:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (33%) free of 34 GB
Total RAM: 759 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:09:18, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Documents and Settings\Owner\My Documents\Programs\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\My Documents\Programs\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\My Documents\Programs\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1226985509546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1226986708515
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\vetaweyo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 7775 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\dcvjyscx.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-19 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-19 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2004-04-02 32881]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-04-02 151597]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-13 233472]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Documents and Settings\Owner\My Documents\Programs\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
IMStart.lnk - C:\Program Files\InterMute\IMStart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\vetaweyo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\vetaweyo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe"="C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\Owner\Desktop\SoulSeek.exe"="C:\Documents and Settings\Owner\Desktop\SoulSeek.exe:*:Enabled:SoulSeek"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Owner\My Documents\Programs\iTunes.exe"="C:\Documents and Settings\Owner\My Documents\Programs\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe:*:Enabled:LogMeInSystray"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-12-24 15:09:02 ----D---- C:\rsit
2008-12-23 23:42:07 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-12-23 23:41:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-23 22:21:36 ----D---- C:\VundoFix Backups
2008-12-23 22:21:36 ----A---- C:\VundoFix.txt
2008-12-23 22:14:06 ----D---- C:\WINDOWS\temp
2008-12-23 22:14:00 ----A---- C:\ComboFix.txt
2008-12-22 21:09:03 ----A---- C:\WINDOWS\zip.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\VFIND.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\SWSC.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\SWREG.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\sed.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\grep.exe
2008-12-22 21:09:03 ----A---- C:\WINDOWS\fdsv.exe
2008-12-22 21:08:22 ----D---- C:\WINDOWS\ERDNT
2008-12-22 21:08:21 ----D---- C:\Qoobox
2008-12-22 18:25:03 ----A---- C:\WINDOWS\system32\fb7da7a7-.txt
2008-12-21 14:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-21 14:35:23 ----D---- C:\Program Files\Bonjour
2008-12-21 14:34:10 ----D---- C:\Program Files\QuickTime
2008-12-15 20:21:12 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-12-10 01:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 01:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 01:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 01:41:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-25 22:22:23 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2008-11-20 22:43:48 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-19 20:22:09 ----HD---- C:\$AVG8.VAULT$
2008-11-19 20:14:52 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-11-19 20:14:33 ----D---- C:\Program Files\AVG
2008-11-19 20:14:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-18 18:13:11 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-11-18 12:32:02 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-18 12:31:29 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-11-18 12:30:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-18 10:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-18 10:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-18 09:57:33 ----D---- C:\WINDOWS\Prefetch
2008-11-18 09:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-18 09:46:05 ----D---- C:\WINDOWS\system32\en-us
2008-11-18 09:46:04 ----D---- C:\WINDOWS\system32\scripting
2008-11-18 09:46:00 ----D---- C:\WINDOWS\l2schemas
2008-11-18 09:45:59 ----D---- C:\WINDOWS\system32\en
2008-11-18 09:37:10 ----D---- C:\WINDOWS\network diagnostic
2008-11-18 09:16:59 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-11-18 09:16:56 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-11-18 09:16:50 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-11-18 09:16:48 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-18 09:16:48 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-18 09:16:35 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-11-18 09:16:34 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-11-18 09:16:34 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-11-18 09:16:12 ----A---- C:\WINDOWS\system32\setupn.exe
2008-11-18 09:16:06 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-18 09:16:03 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-11-18 09:16:02 ----A---- C:\WINDOWS\system32\qutil.dll
2008-11-18 09:15:59 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-11-18 09:15:59 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-11-18 09:15:59 ----A---- C:\WINDOWS\system32\qagent.dll
2008-11-18 09:15:56 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-18 09:15:51 ----A---- C:\WINDOWS\system32\onex.dll
2008-11-18 09:15:36 ----A---- C:\WINDOWS\system32\napstat.exe
2008-11-18 09:15:36 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-11-18 09:15:36 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-11-18 09:15:33 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-11-18 09:15:33 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-11-18 09:15:30 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-18 09:15:30 ----A---- C:\WINDOWS\system32\mssha.dll
2008-11-18 09:15:06 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-11-18 09:15:06 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-18 09:15:06 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-11-18 09:15:06 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-18 09:14:50 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-18 09:14:49 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-11-18 09:14:48 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-11-18 09:14:48 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-18 09:14:48 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-18 09:14:47 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-18 09:14:22 ----A---- C:\WINDOWS\005347_.tmp
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-18 09:14:19 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-11-18 09:14:14 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-11-18 09:14:14 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-11-18 09:14:14 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-11-18 09:14:14 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-18 09:14:14 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-18 09:14:14 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-18 09:14:14 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-11-18 09:14:11 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-11-18 09:14:11 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-18 09:14:09 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-18 09:14:03 ----A---- C:\WINDOWS\system32\credssp.dll
2008-11-18 09:13:59 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-18 09:13:54 ----A---- C:\WINDOWS\system32\azroles.dll
2008-11-18 09:13:49 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-11-18 08:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-11-18 08:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-11-18 08:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-11-18 08:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-11-18 08:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-18 08:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-18 08:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-18 08:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-11-18 08:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-11-18 08:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-11-18 08:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-11-18 08:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-18 08:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-11-18 08:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-11-18 08:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-11-18 08:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-18 08:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-11-18 08:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-11-18 08:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-11-18 08:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-11-18 08:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-11-18 08:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-11-18 08:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-18 08:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-11-18 08:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-11-18 08:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-18 08:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-11-18 08:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-11-18 08:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-11-18 07:59:40 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-11-18 07:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-11-18 07:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-11-18 06:56:47 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2008-11-18 06:56:47 ----A---- C:\WINDOWS\system32\xmlprov.dll
2008-11-18 06:56:46 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-18 06:56:46 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-18 06:56:45 ----A---- C:\WINDOWS\system32\wshbth.dll
2008-11-18 06:56:45 ----A---- C:\WINDOWS\system32\wscsvc.dll
2008-11-18 06:56:45 ----A---- C:\WINDOWS\system32\wscntfy.exe
2008-11-18 06:56:36 ----A---- C:\WINDOWS\system32\winshfhc.dll
2008-11-18 06:56:30 ----A---- C:\WINDOWS\system32\w3ssl.dll
2008-11-18 06:56:24 ----A---- C:\WINDOWS\system32\twext.dll
2008-11-18 06:56:19 ----A---- C:\WINDOWS\system32\strmfilt.dll
2008-11-18 06:56:15 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2008-11-18 06:56:14 ----A---- C:\WINDOWS\system32\spnpinst.exe
2008-11-18 06:56:14 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-11-18 06:56:13 ----A---- C:\WINDOWS\system32\smbinst.exe
2008-11-18 06:56:12 ----A---- C:\WINDOWS\system32\slserv.exe
2008-11-18 06:56:12 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-11-18 06:56:12 ----A---- C:\WINDOWS\system32\slgen.dll
2008-11-18 06:56:12 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-11-18 06:56:12 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-11-18 06:56:05 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2008-11-18 06:56:03 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-11-18 06:55:56 ----A---- C:\WINDOWS\system32\proxycfg.exe
2008-11-18 06:55:55 ----A---- C:\WINDOWS\system32\powercfg.exe
2008-11-18 06:55:55 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2008-11-18 06:55:53 ----A---- C:\WINDOWS\system32\p2psvc.dll
2008-11-18 06:55:53 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2008-11-18 06:55:53 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2008-11-18 06:55:53 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2008-11-18 06:55:53 ----A---- C:\WINDOWS\system32\p2p.dll
2008-11-18 06:55:42 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-18 06:55:31 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-18 06:55:16 ----A---- C:\WINDOWS\system32\msdadiag.dll
2008-11-18 06:55:07 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-18 06:55:04 ----A---- C:\WINDOWS\system32\logman.exe
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdukx.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdno1.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdinben.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2008-11-18 06:55:01 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2008-11-18 06:54:58 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-18 06:54:56 ----A---- C:\WINDOWS\system32\httpapi.dll
2008-11-18 06:54:56 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-18 06:54:54 ----A---- C:\WINDOWS\system32\fwcfg.dll
2008-11-18 06:54:54 ----A---- C:\WINDOWS\system32\fsquirt.exe
2008-11-18 06:54:53 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-11-18 06:54:53 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-18 06:54:52 ----A---- C:\WINDOWS\system32\faxpatch.exe
2008-11-18 06:54:52 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-11-18 06:54:52 ----A---- C:\WINDOWS\004616_.tmp
2008-11-18 06:54:45 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2008-11-18 06:54:43 ----A---- C:\WINDOWS\system32\btpanui.dll
2008-11-18 06:54:43 ----A---- C:\WINDOWS\system32\bthserv.dll
2008-11-18 06:54:43 ----A---- C:\WINDOWS\system32\bthci.dll
2008-11-18 06:54:43 ----A---- C:\WINDOWS\system32\blastcln.exe
2008-11-18 06:54:42 ----A---- C:\WINDOWS\system32\auditusr.exe
2008-11-18 06:54:42 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-18 06:54:42 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-18 06:54:41 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-11-18 06:54:41 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-18 06:54:41 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-18 06:54:41 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-18 06:54:41 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-17 23:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2008-11-17 23:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2008-11-17 23:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2008-11-17 23:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2008-11-17 23:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2008-11-17 23:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB840987$
2008-11-17 22:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-11-17 22:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2008-11-17 22:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB840374$
2008-11-17 22:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB841356$
2008-11-17 22:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB839645$
2008-11-17 22:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB833987$
2008-11-17 22:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB841873$
2008-11-17 22:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB839643-DirectX9$
2008-11-17 22:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB873376$
2008-11-17 22:14:40 ----HDC---- C:\WINDOWS\$NtUninstallKB841533$
2008-11-17 22:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB837001$
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msxbde40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\mstext40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msrepl40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\mspbde40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msjtes40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msjet40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msexcl40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\msexch40.dll
2008-11-17 22:13:09 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-11-17 22:13:08 ----A---- C:\WINDOWS\system32\mswstr10.dll
2008-11-17 22:13:08 ----A---- C:\WINDOWS\system32\mswdat10.dll
2008-11-17 22:13:08 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2008-11-17 22:13:08 ----A---- C:\WINDOWS\system32\msjter40.dll
2008-11-17 22:13:07 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2008-11-17 22:13:06 ----A---- C:\WINDOWS\system32\msltus40.dll
2008-11-17 22:12:45 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-17 21:58:39 ----A---- C:\WINDOWS\system32\esent.dll
2008-11-17 21:45:19 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-17 21:45:19 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-17 21:31:08 ----RSHD---- C:\cmdcons
2008-11-17 21:29:02 ----D---- C:\WINDOWS\setupupd
2008-11-17 21:24:50 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-17 21:24:46 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-17 21:22:41 ----D---- C:\WINDOWS\system32\bits
2008-11-17 21:22:39 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-17 21:21:07 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-11-17 21:21:07 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-17 21:21:07 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-17 21:21:07 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-17 21:19:27 ----A---- C:\WINDOWS\system32\wups2.dll
2008-11-17 21:19:27 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-17 21:19:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-11-17 21:19:27 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-17 21:19:27 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-11-17 21:19:25 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-17 21:19:25 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-17 21:12:51 ----A---- C:\WINDOWS\system32\LMIport.dll
2008-11-17 21:12:50 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-11-17 21:12:39 ----A---- C:\WINDOWS\system32\LMIinit.dll
2008-11-17 20:36:04 ----D---- C:\WUTemp
2008-11-17 20:35:55 ----A---- C:\WINDOWS\system32\iuenginenew.dll
2008-11-17 20:33:08 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-11-17 20:33:06 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-11-17 20:33:05 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-11-17 20:32:42 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-17 20:32:42 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-17 20:32:42 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-17 20:32:41 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-11-17 20:32:41 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-17 20:32:40 ----A---- C:\WINDOWS\system32\txflog.dll
2008-11-17 20:32:40 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-17 19:49:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-17 18:59:16 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-17 18:37:03 ----A---- C:\Program Files\Common Files\ficeqyqu.exe
2008-11-17 18:37:02 ----A---- C:\Documents and Settings\Owner\Application Data\liguce.com
2008-11-17 16:59:59 ----D---- C:\Documents and Settings\Owner\Application Data\Twain
2008-11-16 22:33:24 ----D---- C:\Program Files\Trend Micro
2008-11-16 22:04:27 ----A---- C:\WINDOWS\wininit.ini
2008-11-16 21:19:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-16 21:15:57 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-11-16 21:15:57 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-16 21:15:50 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-11-16 21:15:50 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-11-15 11:38:51 ----SHD---- C:\Config.Msi
2008-11-12 23:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 23:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-25 19:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 21:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 21:49:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 21:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 21:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 21:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 3 months======

2008-12-24 15:06:45 ----D---- C:\Program Files\Mozilla Firefox
2008-12-24 08:58:08 ----D---- C:\Documents and Settings
2008-12-24 05:33:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 00:02:19 ----D---- C:\WINDOWS\system32\drivers
2008-12-24 00:02:19 ----D---- C:\WINDOWS\system32
2008-12-24 00:02:19 ----D---- C:\WINDOWS
2008-12-24 00:01:43 ----D---- C:\Program Files\LogMeIn
2008-12-23 23:59:29 ----D---- C:\Program Files
2008-12-23 22:12:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 22:06:05 ----A---- C:\WINDOWS\system.ini
2008-12-23 22:03:56 ----D---- C:\WINDOWS\system32\config
2008-12-23 22:02:09 ----D---- C:\Program Files\Common Files
2008-12-23 22:02:08 ----D---- C:\WINDOWS\AppPatch
2008-12-23 21:39:52 ----N---- C:\WINDOWS\system32\wabodezi.dll_old
2008-12-23 21:39:50 ----N---- C:\WINDOWS\system32\zesulalu.dll_old
2008-12-23 08:20:11 ----N---- C:\WINDOWS\system32\pisiluvu.dll
2008-12-23 08:20:10 ----ASH---- C:\WINDOWS\system32\podidede.dll
2008-12-22 23:08:17 ----ASH---- C:\WINDOWS\system32\vufurajo.dll
2008-12-22 21:15:43 ----D---- C:\Temp
2008-12-22 18:16:34 ----SD---- C:\WINDOWS\Tasks
2008-12-21 14:49:27 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-12-21 14:37:56 ----SHD---- C:\WINDOWS\Installer
2008-12-21 14:37:08 ----HD---- C:\WINDOWS\inf
2008-12-21 14:36:36 ----D---- C:\Program Files\iPod
2008-12-21 14:33:23 ----D---- C:\Program Files\Apple Software Update
2008-12-18 00:04:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:07:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 01:47:39 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 01:47:15 ----A---- C:\WINDOWS\win.ini
2008-12-10 01:45:49 ----D---- C:\Program Files\Internet Explorer
2008-12-03 20:00:31 ----D---- C:\WINDOWS\Minidump
2008-11-21 23:53:01 ----D---- C:\WINDOWS\system32\DirectX
2008-11-21 23:52:48 ----D---- C:\Program Files\Windows Live
2008-11-20 22:43:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-19 20:14:22 ----D---- C:\WINDOWS\WinSxS
2008-11-19 20:12:47 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-11-18 16:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-18 16:18:07 ----HD---- C:\Program Files\WindowsUpdate
2008-11-18 12:31:00 ----RSD---- C:\WINDOWS\Fonts
2008-11-18 11:06:15 ----D---- C:\WINDOWS\Help
2008-11-18 10:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-18 10:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-18 10:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-18 10:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-18 10:37:47 ----D---- C:\Program Files\Messenger
2008-11-18 10:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-18 10:37:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-18 10:35:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-18 10:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-18 10:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-18 10:32:33 ----HDC---- C:\WINDOWS\ie7
2008-11-18 10:15:59 ----D---- C:\WINDOWS\Registration
2008-11-18 09:59:14 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-18 09:57:42 ----A---- C:\WINDOWS\setuplog.txt
2008-11-18 09:56:53 ----D---- C:\WINDOWS\system32\Setup
2008-11-18 09:56:51 ----D---- C:\WINDOWS\system32\wbem
2008-11-18 09:53:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-18 09:52:53 ----D---- C:\WINDOWS\security
2008-11-18 09:46:54 ----D---- C:\Program Files\Windows Media Player
2008-11-18 09:46:30 ----D---- C:\WINDOWS\ime
2008-11-18 09:46:05 ----D---- C:\WINDOWS\system32\usmt
2008-11-18 09:45:58 ----D---- C:\WINDOWS\peernet
2008-11-18 09:45:58 ----D---- C:\Program Files\Movie Maker
2008-11-18 09:41:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-18 09:41:05 ----D---- C:\WINDOWS\system32\npp
2008-11-18 09:41:03 ----D---- C:\WINDOWS\msagent
2008-11-18 09:41:00 ----D---- C:\WINDOWS\srchasst
2008-11-18 09:40:55 ----D---- C:\Program Files\NetMeeting
2008-11-18 09:40:52 ----D---- C:\WINDOWS\system32\Com
2008-11-18 09:40:47 ----D---- C:\Program Files\Windows NT
2008-11-18 09:40:47 ----D---- C:\Program Files\Outlook Express
2008-11-18 09:40:41 ----D---- C:\Program Files\Common Files\System
2008-11-18 09:40:15 ----D---- C:\WINDOWS\system32\oobe
2008-11-18 09:40:12 ----D---- C:\WINDOWS\system
2008-11-18 09:35:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-18 09:34:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-18 09:28:25 ----D---- C:\WINDOWS\EHome
2008-11-18 08:39:30 ----D---- C:\WINDOWS\Debug
2008-11-18 07:51:01 ----RASH---- C:\boot.ini
2008-11-18 07:49:28 ----D---- C:\WINDOWS\system32\mui
2008-11-18 07:44:25 ----RD---- C:\WINDOWS\Web
2008-11-18 07:43:49 ----RASH---- C:\NTDETECT.COM
2008-11-17 23:37:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-17 23:34:03 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-11-17 23:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-11-17 23:28:53 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-11-17 23:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-11-17 23:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-11-17 23:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-11-17 23:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-11-17 23:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-11-17 23:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-11-17 23:18:52 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-11-17 23:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-11-17 23:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-11-17 23:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2008-11-17 23:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-11-17 23:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2008-11-17 23:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2008-11-17 23:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-11-17 23:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2008-11-17 23:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2008-11-17 23:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB914389_0$
2008-11-17 23:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB908531_0$
2008-11-17 23:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2008-11-17 22:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-11-17 22:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2008-11-17 22:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB912919_0$
2008-11-17 22:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB908519_0$
2008-11-17 22:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2008-11-17 22:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2008-11-17 22:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2008-11-17 22:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB905749_0$
2008-11-17 22:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-17 22:48:33 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2008-11-17 22:47:24 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2008-11-17 22:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2008-11-17 22:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2008-11-17 22:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2008-11-17 22:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2008-11-17 22:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2008-11-17 22:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2008-11-17 22:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB890859_0$
2008-11-17 22:33:16 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2008-11-17 22:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-11-17 22:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896428_0$
2008-11-17 22:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB885835_0$
2008-11-17 22:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB891781_0$
2008-11-17 22:22:45 ----HDC---- C:\WINDOWS\$NtUninstallKB888302_0$
2008-11-17 22:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB885626$
2008-11-17 22:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB885836_0$
2008-11-17 22:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB873339_0$
2008-11-17 22:12:32 ----HDC---- C:\WINDOWS\$NtUninstallQ828026$
2008-11-17 21:38:39 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-17 21:32:27 ----D---- C:\Program Files\Hewlett-Packard
2008-11-17 21:32:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 21:31:08 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-17 21:31:03 ----D---- C:\WINDOWS\setup.pss
2008-11-17 21:24:45 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-17 21:23:24 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-17 21:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-11-17 21:01:49 ----D---- C:\Program Files\Compaq Instant Support
2008-11-17 20:58:19 ----D---- C:\Program Files\Easy Internet signup
2008-11-17 20:41:31 ----D---- C:\Documents and Settings\Owner\Application Data\MSN6
2008-11-17 20:41:01 ----D---- C:\Program Files\MSN
2008-11-17 20:37:58 ----D---- C:\Documents and Settings\Owner\Application Data\Symantec
2008-11-17 20:37:57 ----D---- C:\Documents and Settings\Owner\Application Data\Real
2008-11-17 20:33:36 ----SHD---- C:\System Volume Information
2008-11-17 20:33:32 ----D---- C:\sysprep
2008-11-17 20:33:16 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2008-11-17 20:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB828741$
2008-11-17 20:31:55 ----HDC---- C:\WINDOWS\$NtUninstallQ331958$
2008-11-17 20:29:49 ----RASH---- C:\BOOT.BAK
2008-11-17 20:12:46 ----HD---- C:\hp
2008-11-17 20:07:29 ----D---- C:\Program Files\Common Files\Services
2008-11-17 20:07:05 ----D---- C:\WINDOWS\system32\ras
2008-11-17 20:06:34 ----D---- C:\WINDOWS\system32\icsxml
2008-11-17 20:06:33 ----D---- C:\WINDOWS\system32\ias
2008-11-17 20:04:22 ----D---- C:\WINDOWS\addins
2008-11-17 20:04:18 ----D---- C:\WINDOWS\Media
2008-11-17 20:04:02 ----D---- C:\WINDOWS\Cursors
2008-11-17 20:03:55 ----HDC---- C:\WINDOWS\$NtUninstallQ817357$
2008-11-17 20:03:55 ----HDC---- C:\WINDOWS\$NtUninstallQ814995$
2008-11-17 20:03:54 ----HDC---- C:\WINDOWS\$NtUninstallQ811789$
2008-11-17 20:03:54 ----HDC---- C:\WINDOWS\$NtUninstallQ329112$
2008-11-17 20:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB828028$
2008-11-17 20:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB824105$
2008-11-17 20:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB823182$
2008-11-17 20:03:16 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-17 20:03:12 ----RSD---- C:\WINDOWS\assembly
2008-11-16 21:23:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 11:40:07 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-11-07 17:45:32 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-10-31 19:08:52 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-23 04:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-16 19:35:40 ----A---- C:\WINDOWS\system32\lmimirr2.dll
2008-10-16 19:35:40 ----A---- C:\WINDOWS\system32\lmimirr.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 12:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 23:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-10-13 13:35:12 ----D---- C:\Documents and Settings\Owner\Application Data\dvdcss
2008-10-03 02:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-19 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-19 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2004-01-02 11520]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-19 76040]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\System32\drivers\LMIRfsDriver.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 lmimirr;lmimirr; C:\WINDOWS\System32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

Edited by mygrandmasaysimkool, 24 December 2008 - 05:17 PM.


#4 mygrandmasaysimkool
Log TXT Continued (too much info to post in one post)


S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\System32\DRIVERS\A3AB.sys [2004-03-12 344928]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2004-01-02 432000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-02-04 134144]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-19 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-19 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
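An added triage helper for reading logs like the two posts above (editor's example; it is not part of the original posts and is not a feature of RSIT, HijackThis or Malwarebytes). It parses the "created/modified files" lines and the driver/service lines in the format shown and flags entries that match a few rules of thumb associated with Vundo/Virtumonde infections. The sample lines are copied verbatim from the log in this thread; the rules themselves are the editor's assumptions: a file name of 6-8 lowercase letters strictly alternating consonant and vowel (podidede, vufurajo, liguce), system+hidden attributes on a file inside system32, an executable sitting directly in an Application Data or Common Files root, a DLL renamed to .dll_old, and a driver entry whose date/size brackets are empty. The output is a list for a person to check against the tool's own analysis, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Thirteen lines copied verbatim from the RSIT log in this thread (file
# entries and driver entries). The heuristics below are the editor's own
# rules of thumb for reading such a log; RSIT itself makes no such judgement.
SAMPLE_LOG = r"""
2008-11-18 09:16:12 ----A---- C:\WINDOWS\system32\setupn.exe
2008-11-17 18:37:03 ----A---- C:\Program Files\Common Files\ficeqyqu.exe
2008-11-17 18:37:02 ----A---- C:\Documents and Settings\Owner\Application Data\liguce.com
2008-12-23 21:39:52 ----N---- C:\WINDOWS\system32\wabodezi.dll_old
2008-12-23 08:20:11 ----N---- C:\WINDOWS\system32\pisiluvu.dll
2008-12-23 08:20:10 ----ASH---- C:\WINDOWS\system32\podidede.dll
2008-12-22 23:08:17 ----ASH---- C:\WINDOWS\system32\vufurajo.dll
2008-11-18 07:51:01 ----RASH---- C:\boot.ini
2008-11-17 21:45:19 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-19 97928]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
"""

# "<date> <time> ----<attrs>---- <path>" and
# "<R|S><start type> <name>;<description>; <path> [<date> <size>]"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ----([A-Z]*)---- (.+)$")
DRIVER_RE = re.compile(r"^[RS][0-4] [^;]+;[^;]*; (.+?) \[(.*)\]$")

VOWELS = set("aeiouy")
EXEC_EXTS = {"exe", "dll", "com", "sys", "scr", "pif"}


def looks_generated(stem: str) -> bool:
    """Editor's heuristic for Vundo-style names: 6-8 lowercase letters that
    strictly alternate consonant/vowel, consonant first (podidede, liguce)."""
    if not (6 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(stem))


def split_path(path: str) -> Tuple[str, str, str]:
    """Return (directory lower-cased, file stem, extension lower-cased)."""
    directory, _, name = path.rpartition("\\")
    stem, _, ext = name.partition(".")
    return directory.lower(), stem, ext.lower()


def check_file(attrs: str, path: str) -> List[str]:
    """Reasons a created/modified file entry deserves a second look."""
    if "D" in attrs:                      # directories are not scored
        return []
    directory, stem, ext = split_path(path)
    base_ext = ext.split("_")[0]          # "dll_old" -> "dll"
    reasons = []
    if base_ext in EXEC_EXTS and looks_generated(stem):
        reasons.append("random-looking 6-8 letter name")
    if "S" in attrs and "H" in attrs and "\\system32" in directory:
        reasons.append("system+hidden attributes on a file inside system32")
    if ext == "dll_old":
        reasons.append("DLL under a non-standard extension")
    if ext in EXEC_EXTS and directory.endswith(("\\application data", "\\common files")):
        reasons.append("executable directly in a data folder root")
    return reasons


def check_driver(path: str, meta: str) -> List[str]:
    """Reasons a driver/service entry deserves a second look."""
    reasons = []
    if not meta.strip():                  # RSIT printed "[]": no date/size for the image
        reasons.append("no file date/size recorded for the driver image")
    if looks_generated(split_path(path)[1]):
        reasons.append("random-looking 6-8 letter name")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map every flagged path to its reasons; clean lines are left out."""
    flagged: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            attrs, path = m.groups()
            reasons = check_file(attrs, path)
        elif m := DRIVER_RE.match(line):
            path, meta = m.groups()
            reasons = check_driver(path, meta)
        else:
            continue
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("    " + reason)
```

Run as a script it prints the eight flagged paths with their reasons and stays silent on setupn.exe, boot.ini (system+hidden, but not in system32), mucltui.dll.mui, wuauclt.exe and the AVG driver. To use it on a whole log, replace SAMPLE_LOG with the file contents; anything it flags still has to be confirmed (file hash, signature, the helper's own analysis of the HijackThis log) before it is removed.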

#5 mygrandmasaysimkool
Info TXT


info.txt logfile of random's system information tool 1.05 2008-12-24 15:09:24

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Compaq Connections-->C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Five Card Frenzy from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\2FDCC229-354D-4279-ABEF-CE17E355BFFA\Uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner\My Documents\Programs\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC}
Malwarebytes' Anti-Malware-->"C:\Documents and Settings\Owner\My Documents\Programs\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SoulSeek 157 NS 13c-->"C:\Documents and Settings\Owner\My Documents\Programs\SoulSeek\SoulseekNS\uninstall.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: MELANNIE
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, November 24, 2008 at 9:00 PM:
- Security Update for Windows XP (KB841873)
- Security Update for Windows XP (KB890859)
- Security Update for Windows XP (KB914389)
- Security Update for Windows XP (KB920683)
- Security Update for Windows XP (KB908519)
- Security Update for DirectX 9.0 (KB839643)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB896428)
- Security Update for Windows XP (KB913580)
- Security Update for Windows XP (KB905749)
- Security Update for Windows XP (KB908531)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Security Update for Windows XP (KB912919)
- Security Update for Windows XP (KB900725)
- Security Update for Windows XP (KB888302)
- Security Update for Windows XP (KB917422)
- Security Update for Windows XP (KB923191)
- Security Update for Windows XP (KB901214)
- Security Update for Windows

Record Number: 160
Source Name: Windows Update Agent
Time Written: 20081117220445.000000-480
Event Type: information
User:

Computer Name: MELANNIE
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, November 24, 2008 at 9:00 PM:
- Security Update for Windows XP (KB841873)
- Security Update for Windows XP (KB890859)
- Security Update for Windows XP (KB914389)
- Security Update for Windows XP (KB920683)
- Security Update for Windows XP (KB908519)
- Security Update for DirectX 9.0 (KB839643)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB896428)
- Security Update for Windows XP (KB913580)
- Security Update for Windows XP (KB905749)
- Security Update for Windows XP (KB908531)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Security Update for Windows XP (KB912919)
- Security Update for Windows XP (KB900725)
- Security Update for Windows XP (KB888302)
- Security Update for Windows XP (KB917422)
- Security Update for Windows XP (KB923191)
- Security Update for Windows XP (KB901214)
- Security Update for Windows

Record Number: 159
Source Name: Windows Update Agent
Time Written: 20081117220440.000000-480
Event Type: information
User:

Computer Name: MELANNIE
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, November 24, 2008 at 9:00 PM:
- Security Update for Windows XP (KB841873)
- Security Update for Windows XP (KB890859)
- Security Update for Windows XP (KB914389)
- Security Update for Windows XP (KB920683)
- Security Update for Windows XP (KB908519)
- Security Update for DirectX 9.0 (KB839643)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB896428)
- Security Update for Windows XP (KB913580)
- Security Update for Windows XP (KB905749)
- Security Update for Windows XP (KB908531)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Security Update for Windows XP (KB912919)
- Security Update for Windows XP (KB900725)
- Security Update for Windows XP (KB888302)
- Security Update for Windows XP (KB917422)
- Security Update for Windows XP (KB923191)
- Security Update for Windows XP (KB901214)
- Security Update for Windows

Record Number: 158
Source Name: Windows Update Agent
Time Written: 20081117220440.000000-480
Event Type: information
User:

Computer Name: MELANNIE
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, November 24, 2008 at 9:00 PM:
- Security Update for Windows XP (KB841873)
- Security Update for Windows XP (KB890859)
- Security Update for Windows XP (KB914389)
- Security Update for Windows XP (KB920683)
- Security Update for Windows XP (KB908519)
- Security Update for DirectX 9.0 (KB839643)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB896428)
- Security Update for Windows XP (KB913580)
- Security Update for Windows XP (KB905749)
- Security Update for Windows XP (KB908531)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Security Update for Windows XP (KB912919)
- Security Update for Windows XP (KB900725)
- Security Update for Windows XP (KB888302)
- Security Update for Windows XP (KB917422)
- Security Update for Windows XP (KB923191)
- Security Update for Windows XP (KB901214)
- Security Update for Windows

Record Number: 157
Source Name: Windows Update Agent
Time Written: 20081117220430.000000-480
Event Type: information
User:

Computer Name: MELANNIE
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Monday, November 24, 2008 at 9:00 PM:
- Security Update for Windows XP (KB841873)
- Security Update for Windows XP (KB890859)
- Security Update for Windows XP (KB914389)
- Security Update for Windows XP (KB920683)
- Security Update for Windows XP (KB908519)
- Security Update for DirectX 9.0 (KB839643)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB896428)
- Security Update for Windows XP (KB913580)
- Security Update for Windows XP (KB905749)
- Security Update for Windows XP (KB908531)
- Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Security Update for Windows XP (KB912919)
- Security Update for Windows XP (KB900725)
- Security Update for Windows XP (KB888302)
- Security Update for Windows XP (KB917422)
- Security Update for Windows XP (KB923191)
- Security Update for Windows XP (KB901214)
- Security Update for Windows

Record Number: 156
Source Name: Windows Update Agent
Time Written: 20081117220411.000000-480
Event Type: information
User:

Application event log

Computer Name: MELANNIE
Event Code: 4097
Message: The application, C:\Program Files\Internet Explorer\iexplore.exe, generated an application error
The error occurred on 12/22/2008 @ 20:43:36.546
The exception generated was c0000005 at address 05628ABB (Flash)

Record Number: 1072
Source Name: DrWatson
Time Written: 20081222204338.000000-480
Event Type: information
User:

Computer Name: MELANNIE
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module flash.ocx, version 7.0.19.0, fault address 0x00038abb.

Record Number: 1071
Source Name: Application Error
Time Written: 20081222204326.000000-480
Event Type: error
User:

Computer Name: MELANNIE
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 1070
Source Name: Winlogon
Time Written: 20081222194711.000000-480
Event Type: information
User:

Computer Name: MELANNIE
Event Code: 4097
Message: The application, C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe, generated an application error
The error occurred on 12/22/2008 @ 18:37:23.281
The exception generated was c0000005 at address 76F27A1D (<nosymbols>)

Record Number: 1069
Source Name: DrWatson
Time Written: 20081222183723.000000-480
Event Type: information
User:

Computer Name: MELANNIE
Event Code: 1000
Message: Faulting application backweb-1940576.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x76f27a1d.

Record Number: 1068
Source Name: Application Error
Time Written: 20081222183713.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0

#6 kahdah (GeekU Teacher, Retired Staff)
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7 mygrandmasaysimkool (Topic Starter)
My ComboFix Log

ComboFix 08-12-21.04 - Owner 2008-12-24 17:06:39.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.391 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- C:\rsit
2008-12-24 00:42 . 2008-12-24 00:42 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-24 00:42 . 2008-12-03 20:58 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 00:41 . 2008-12-24 00:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-24 00:41 . 2008-12-03 20:58 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 23:21 . 2008-12-23 23:21 <DIR> d-------- C:\VundoFix Backups
2008-12-22 20:01 . 2008-12-23 00:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-12-21 15:36 . 2008-12-21 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-21 15:35 . 2008-12-21 15:35 <DIR> d-------- c:\program files\Bonjour
2008-12-21 15:34 . 2008-12-21 15:35 <DIR> d-------- c:\program files\QuickTime
2008-12-15 21:21 . 2008-12-15 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Soulseek
2008-11-29 21:49 . 2008-12-16 23:11 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 21:49 . 2008-11-29 21:49 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 08:01 --------- d-----w c:\program files\LogMeIn
2008-12-24 04:31 --------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2008-12-21 22:49 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2008-12-21 22:36 --------- d-----w c:\program files\iPod
2008-12-21 22:33 --------- d-----w c:\program files\Apple Software Update
2008-11-22 07:52 --------- d-----w c:\program files\Windows Live
2008-11-20 04:26 --------- d-----w c:\documents and settings\Owner\Application Data\Twain
2008-11-20 04:15 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-20 04:15 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-20 04:14 --------- d-----w c:\program files\AVG
2008-11-20 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-19 00:43 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-18 20:31 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-18 05:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 05:32 --------- d-----w c:\program files\Hewlett-Packard
2008-11-18 05:01 --------- d-----w c:\program files\Compaq Instant Support
2008-11-18 04:58 --------- d-----w c:\program files\Easy Internet signup
2008-11-18 04:41 --------- d-----w c:\documents and settings\Owner\Application Data\MSN6
2008-11-18 04:37 --------- d-----w c:\documents and settings\Owner\Application Data\Symantec
2008-11-18 04:35 4,140 --sha-r c:\windows\system32\drivers\HP_PC182A-ABA SR1103WM NA430_YC_Pres_QCNC426_E43NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M760_J40_7Intel_8Celeron_92.53_1_N10EC8139_P_Z11C1048C_K_A_U808624C2.MRK
2008-11-18 02:37 17,303 ----a-w c:\windows\onemopos.sys
2008-11-18 02:37 16,632 ----a-w c:\program files\Common Files\ficeqyqu.exe
2008-11-18 02:37 13,845 ----a-w c:\windows\ydefofece.pif
2008-11-18 02:37 13,706 ----a-w c:\documents and settings\Owner\Application Data\liguce.com
2008-11-18 02:37 13,279 ----a-w c:\windows\kujelibu.scr
2008-11-17 06:33 --------- d-----w c:\program files\Trend Micro
2008-11-17 06:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 05:15 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-17 05:15 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-17 05:15 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-17 05:15 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-15 19:40 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-09-23 15:20 64,512 --sha-w c:\windows\system32\yohujoku.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-22_21.31.19.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 16:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-12-23 03:01:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-23 07:00:35 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-23 03:01:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-23 07:00:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-18 04:07:26 53,436 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-25 00:03:18 53,436 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-18 04:07:26 381,692 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-25 00:03:18 381,692 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-23 16:20:11 84,184 ------w c:\windows\system32\pisiluvu.dll
+ 2008-12-23 16:20:10 97,993 --sha-w c:\windows\system32\podidede.dll
+ 2008-12-23 07:08:17 62,524 --sha-w c:\windows\system32\vufurajo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-02 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-02 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-13 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\documents and settings\Owner\My Documents\Programs\iTunesHelper.exe" [2008-11-20 290088]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-04-02 16384]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-07-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\vetaweyo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\SoulSeek.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Programs\\iTunes.exe"=
"c:\\Program Files\\LogMeIn\\x86\\LogMeInSystray.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-19 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-19 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-19 76040]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\System32\drivers\LMIRfsDriver.sys [2008-11-17 47640]
S2 mrtRate;mrtRate; []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2004-03-12 344928]
S4 LMIRfsClientNP;LMIRfsClientNP; []
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-12-25 c:\windows\Tasks\dcvjyscx.job
- c:\windows\system32\rundll32.exe [2008-04-13 17:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 17:13:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-24 17:19:33 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-25 00:18:59
ComboFix2.txt 2008-12-24 06:14:00
ComboFix3.txt 2008-12-23 06:03:36
ComboFix4.txt 2008-12-23 05:32:42

Pre-Run: 11,705,606,144 bytes free
Post-Run: 11,707,854,848 bytes free

202 --- E O F --- 2008-12-18 08:06:08
  • 0

#8 kahdah (GeekU Teacher, Retired Staff)
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)

Now click on Fix Checked and then close Hijackthis.
================
Open notepad and copy/paste the text in the codebox below into it:


Collect::
c:\windows\onemopos.sys
c:\program files\Common Files\ficeqyqu.exe
c:\windows\ydefofece.pif
c:\documents and settings\Owner\Application Data\liguce.com
c:\windows\kujelibu.scr
c:\windows\system32\yohujoku.dll
c:\windows\system32\vetaweyo.dll
c:\windows\Tasks\dcvjyscx.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
===========
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then Navigate to C:\Qoobox\Submit.zip

Click Here to upload the submit.zip please.

#9
mygrandmasaysimkool
    New Member
  • Topic Starter
  • Member
  • 9 posts
The website that ComboFix took me to for submitting the file for analysis said "Your file was successfully submitted. Please let the user helping you know that you have submitted the file."

If you need to know, the file was C:\Qoobox\Quarantine\[4][email protected]


And here is the new ComboFix Log

-------------------------------------------------------------------------------------------


ComboFix 08-12-21.04 - Owner 2008-12-24 19:11:42.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.324 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\liguce.com
c:\program files\Common Files\ficeqyqu.exe
c:\windows\kujelibu.scr
c:\windows\onemopos.sys
c:\windows\system32\yohujoku.dll
c:\windows\Tasks\dcvjyscx.job
c:\windows\ydefofece.pif

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- C:\rsit
2008-12-24 00:42 . 2008-12-24 00:42 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-24 00:42 . 2008-12-03 20:58 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 00:41 . 2008-12-24 00:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-24 00:41 . 2008-12-03 20:58 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 23:21 . 2008-12-23 23:21 <DIR> d-------- C:\VundoFix Backups
2008-12-22 20:01 . 2008-12-23 00:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-12-21 15:36 . 2008-12-21 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-21 15:35 . 2008-12-21 15:35 <DIR> d-------- c:\program files\Bonjour
2008-12-21 15:34 . 2008-12-21 15:35 <DIR> d-------- c:\program files\QuickTime
2008-12-15 21:21 . 2008-12-15 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Soulseek
2008-11-29 21:49 . 2008-12-16 23:11 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 21:49 . 2008-11-29 21:49 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 08:01 --------- d-----w c:\program files\LogMeIn
2008-12-24 04:31 --------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2008-12-23 16:20 97,993 --sha-w c:\windows\system32\podidede.dll
2008-12-23 16:20 84,184 ------w c:\windows\system32\pisiluvu.dll
2008-12-23 07:08 62,524 --sha-w c:\windows\system32\vufurajo.dll
2008-12-21 22:49 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2008-12-21 22:36 --------- d-----w c:\program files\iPod
2008-12-21 22:33 --------- d-----w c:\program files\Apple Software Update
2008-11-22 07:52 --------- d-----w c:\program files\Windows Live
2008-11-20 04:26 --------- d-----w c:\documents and settings\Owner\Application Data\Twain
2008-11-20 04:15 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-20 04:15 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-20 04:14 --------- d-----w c:\program files\AVG
2008-11-20 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-19 00:43 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-18 20:31 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-18 05:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 05:32 --------- d-----w c:\program files\Hewlett-Packard
2008-11-18 05:01 --------- d-----w c:\program files\Compaq Instant Support
2008-11-18 04:58 --------- d-----w c:\program files\Easy Internet signup
2008-11-18 04:41 --------- d-----w c:\documents and settings\Owner\Application Data\MSN6
2008-11-18 04:37 --------- d-----w c:\documents and settings\Owner\Application Data\Symantec
2008-11-18 04:35 4,140 --sha-r c:\windows\system32\drivers\HP_PC182A-ABA SR1103WM NA430_YC_Pres_QCNC426_E43NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M760_J40_7Intel_8Celeron_92.53_1_N10EC8139_P_Z11C1048C_K_A_U808624C2.MRK
2008-11-17 06:33 --------- d-----w c:\program files\Trend Micro
2008-11-17 06:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 05:15 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-17 05:15 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-17 05:15 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-17 05:15 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-15 19:40 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-17 03:35 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-17 03:35 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 03:35 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-17 03:35 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-17 03:35 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-22_21.31.19.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 16:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-12-23 03:01:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-23 07:00:35 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-23 03:01:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-23 07:00:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-18 04:07:26 53,436 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-25 00:03:18 53,436 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-18 04:07:26 381,692 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-25 00:03:18 381,692 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-02 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-02 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-13 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\documents and settings\Owner\My Documents\Programs\iTunesHelper.exe" [2008-11-20 290088]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-04-02 16384]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-07-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\SoulSeek.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Programs\\iTunes.exe"=
"c:\\Program Files\\LogMeIn\\x86\\LogMeInSystray.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-19 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-19 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-19 76040]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\System32\drivers\LMIRfsDriver.sys [2008-11-17 47640]
S2 mrtRate;mrtRate; []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2004-03-12 344928]
S4 LMIRfsClientNP;LMIRfsClientNP; []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 19:16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2008-12-24 19:19:58
ComboFix-quarantined-files.txt 2008-12-25 02:18:38
ComboFix2.txt 2008-12-25 00:19:47
ComboFix3.txt 2008-12-24 06:14:00
ComboFix4.txt 2008-12-23 06:03:36
ComboFix5.txt 2008-12-25 02:09:38

Pre-Run: 11,699,806,208 bytes free
Post-Run: 11,683,995,648 bytes free

191 --- E O F --- 2008-12-18 08:06:08

#10
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Thanks for the sample files:
===================
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    c:\windows\system32\podidede.dll
    c:\windows\system32\pisiluvu.dll
    c:\windows\system32\vufurajo.dll
    c:\documents and settings\Owner\Application Data\Twain
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
======================
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#11
mygrandmasaysimkool
    New Member
  • Topic Starter
  • Member
  • 9 posts
Results from the OTMoveIt (will post Kaspersky once done)

-------------------------------------------------------


========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\podidede.dll
c:\windows\system32\podidede.dll NOT unregistered.
c:\windows\system32\podidede.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\pisiluvu.dll
c:\windows\system32\pisiluvu.dll NOT unregistered.
c:\windows\system32\pisiluvu.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vufurajo.dll
c:\windows\system32\vufurajo.dll NOT unregistered.
c:\windows\system32\vufurajo.dll moved successfully.
c:\documents and settings\Owner\Application Data\Twain moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12242008_215046

#12
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Ok.

#13
mygrandmasaysimkool
    New Member
  • Topic Starter
  • Member
  • 9 posts
Kaspersky Scan

---------------------------------------------------



KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 25, 2008 01:37:52
Records in database: 1511444


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics
Files scanned 88642
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 03:12:03

File name Threat name Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

The selected area was scanned.

#14
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================

Please post these logs in your next reply:
  • OTMoveIt log
  • New Hijackthis log


#15
mygrandmasaysimkool
    New Member
  • Topic Starter
  • Member
  • 9 posts
OT MoveIt Scan

========== FILES ==========
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll unregistered successfully.
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12252008_140653

HiJackThis Scan

----------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:09:16, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Documents and Settings\Owner\My Documents\Programs\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
C:\Documents and Settings\Owner\My Documents\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Owner\My Documents\Programs\iTunesHelper.exe"
O4 - HKLM\..\Run: [CPMf36d5045] Rundll32.exe "c:\windows\system32\podidede.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1226985509546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1226986708515
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\podidede.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\podidede.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\podidede.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7353 bytes
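The entries this thread kept coming back to (the O15 Trusted Zone sites fixed in post #8, and the O4/O20/O21/O22 entries for podidede.dll that the final HijackThis log still lists) can be pulled out of a log automatically. The script below is an added example, not code from the thread or from HijackThis, ComboFix or OTMoveIt; the section meanings are standard HijackThis, while the reasons, the cross-referencing of one DLL across several load points, and the SAMPLE_LOG (constructed from lines in the logs above) are this script's own.

```python
"""Triage a HijackThis 2.0 log for the load points this thread kept fixing.

Added example, not code from the thread or from HijackThis/ComboFix/OTMoveIt.
The section meanings (O2, O4, O15, O20, O21, O22) are standard HijackThis;
the reasons, the cross-referencing and SAMPLE_LOG are this script's own
(the sample lines are copied from the logs posted in the thread).
"""
import re
from collections import defaultdict

# Load points that deserve a look whenever they are populated at all.
ALWAYS_REVIEW = {
    "O15": "site added to Internet Explorer's Trusted Zone (rogue AV installers add their own sites here)",
    "O20": "AppInit_DLLs: DLL injected into every process that loads user32.dll",
    "O21": "ShellServiceObjectDelayLoad: DLL loaded by Explorer at logon",
    "O22": "SharedTaskScheduler: DLL loaded by Explorer at logon",
}

# "O4 - HKLM\..\Run: [...] ..." -> section code and the rest of the line.
LINE_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")
# A Windows path ending in .dll; spaces allowed, a quote or comma ends it.
DLL_PATH_RE = re.compile(r'[a-z]:\\[^"\n,]*?\.dll', re.IGNORECASE)
# Run entry shaped like   Rundll32.exe "<dll>",<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+?\.dll"?\s*,\s*\w+', re.IGNORECASE)


def triage(log_text):
    """Return (findings, shared).

    findings: list of (section, reason, line) for entries to check before
              deciding what to fix.
    shared:   {dll_path: {sections}} for every DLL registered in two or
              more load points; one file wired into O4 + O20 + O21 + O22
              at once is the footprint the thread's final log still shows.
    """
    findings = []
    dll_sections = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or running-process path
        section, body = m.groups()
        if section in ALWAYS_REVIEW:
            findings.append((section, ALWAYS_REVIEW[section], line))
        elif section == "O4" and RUNDLL_RE.search(body):
            findings.append((section, "Run entry starts a DLL through Rundll32", line))
        elif section == "O2" and "(no file)" in body:
            findings.append((section, "BHO whose file is gone (orphaned registration)", line))
        for dll in DLL_PATH_RE.findall(body):
            dll_sections[dll.lower()].add(section)
    shared = {dll: secs for dll, secs in dll_sections.items() if len(secs) >= 2}
    return findings, shared


# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CPMf36d5045] Rundll32.exe "c:\windows\system32\podidede.dll",a
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O20 - AppInit_DLLs: c:\windows\system32\podidede.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\podidede.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\podidede.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    found, shared = triage(SAMPLE_LOG)
    for section, reason, line in found:
        print(f"[{section}] {reason}\n    {line}")
    for dll, secs in shared.items():
        print(f"HIGH: {dll} is loaded from {len(secs)} points: {', '.join(sorted(secs))}")
```

Run on the sample it flags seven entries and reports podidede.dll as registered in four load points, which is why the helper had both the file moved and the AppInit_DLLs value cleared rather than fixing any single line.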