Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

sagipsul.com virus I deleted speedrunner.exe [Solved]

Started by diannalcw , Jan 02 2009 05:56 PM

This topic is locked

#1
diannalcw

Posted 02 January 2009 - 05:56 PM

Member

Member
12 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:01 PM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\fixcfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {117f1f38-f052-4287-b452-dacf55f08336} - C:\WINDOWS\system32\sebajuyo.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ljJYPGVo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {e7249da0-c0ba-b50a-f724-e927f434fe97} - {79ef434f-729e-427f-a05b-ab0c0ad9427e} - C:\WINDOWS\system32\msbaxp.dll
O2 - BHO: (no name) - {A777011B-C2F9-4AD0-A960-E7C9626512EF} - C:\WINDOWS\system32\iifcddEX.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s
O4 - HKLM\..\Run: [18e7ace6] rundll32.exe "C:\WINDOWS\system32\yxkdkwfg.dll",b
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\WINDOWS\system32\lizazopi.dll msbaxp.dll
O20 - Winlogon Notify: ljJYPGVo - ljJYPGVo.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6165 bytes

#2
fenzodahl512

Posted 04 January 2009 - 09:59 AM

Malware Removal
9,863 posts

Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.

Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

#3
diannalcw

Posted 04 January 2009 - 03:29 PM

Member

Topic Starter
Member
12 posts

Malwarebytes' Anti-Malware 1.31
Database version: 1612
Windows 5.1.2600 Service Pack 2

1/4/2009 3:27:11 PM
mbam-log-2009-01-04 (15-27-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 63673
Time elapsed: 18 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 3
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\iifcddEX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lizazopi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yeneriho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sebajuyo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75e01786-a66b-4c6a-8b80-5143d7aff389} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{75e01786-a66b-4c6a-8b80-5143d7aff389} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eff0c046-904f-4f6c-81fc-c60c43620e57} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eff0c046-904f-4f6c-81fc-c60c43620e57} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{117f1f38-f052-4287-b452-dacf55f08336} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{117f1f38-f052-4287-b452-dacf55f08336} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{117f1f38-f052-4287-b452-dacf55f08336} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75e01786-a66b-4c6a-8b80-5143d7aff389} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nohemipola (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifcddex -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lizazopi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\lizazopi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lizazopi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifcddex -> Delete on reboot.

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iifcddEX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\XEddcfii.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\XEddcfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaixza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lbfkntxe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\extnkfbl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lnhgfuyt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tyufghnl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxkdkwfg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfwkdkxy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeneriho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sebajuyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lizazopi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\B5TDTNOP\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LSZFOZGU\VirusRemover2008_Setup_Free_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OXQXYTE9\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QDQ5VHEM\winsinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SZCU0ZQG\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004031.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004032.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004033.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004034.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004049.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP29\A0004050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP33\A0004226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB561F18-7949-455E-87C3-52C968A42C3F}\RP34\A0004243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iegluy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gikuxowy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dejufedu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

#4
diannalcw

Posted 04 January 2009 - 03:48 PM

Member

Topic Starter
Member
12 posts

log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-01-04 15:43:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 31 GB (82%) free of 38 GB
Total RAM: 1015 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:58 PM, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: yaixza.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ljJYPGVo - ljJYPGVo.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 3724 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\hsajwzct.job
C:\WINDOWS\tasks\Norton Security Scan for User.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-03 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-03 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-28 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-03 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-03 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-03 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18e7ace6]
C:\WINDOWS\system32\yxkdkwfg.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-03 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe [2008-08-22 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nohemipola]
C:\WINDOWS\system32\yeneriho.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLANKEEPER"=2
"sdCoreService"=3
"sdAuxService"=2
"gusvc"=2
"BAsfIpM"=2
"avg8wd"=2
"avg8emc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="yaixza.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-03 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYPGVo]
ljJYPGVo.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"="C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe:*:Enabled:S24EvMon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe
shell\phone\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{713f6d9f-485c-11dd-85e0-b9c070adaee2}]
shell\AutoRun\command - eigp0.cmd
shell\explore\command - eigp0.cmd
shell\open\command - eigp0.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d06ed8f5-bd99-11dd-bf56-00166f8c33f9}]
shell\AutoRun\command - E:\autorun.exe
shell\phone\command - E:\autorun.exe

======List of files/folders created in the last 3 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\satevowa.dll
2009-01-04 15:43:46 ----D---- C:\rsit
2009-01-04 14:59:16 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-01-04 14:59:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-04 14:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-04 03:52:56 ----ASH---- C:\WINDOWS\system32\nefavega.dll
2009-01-03 22:16:28 ----D---- C:\Documents and Settings\User\Application Data\AVGTOOLBAR
2009-01-03 21:56:54 ----D---- C:\WINDOWS\Internet Logs
2009-01-03 20:08:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-03 20:08:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-03 20:08:00 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-03 20:08:00 ----A---- C:\WINDOWS\system32\java.exe
2009-01-02 19:09:26 ----D---- C:\WINDOWS\pss
2009-01-02 17:43:44 ----D---- C:\Program Files\Trend Micro
2009-01-02 15:55:30 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-01 22:26:22 ----ASH---- C:\WINDOWS\system32\orokarur.ini
2009-01-01 10:26:25 ----ASH---- C:\WINDOWS\system32\iwazetir.ini
2009-01-01 09:09:01 ----ASH---- C:\WINDOWS\system32\rtdnkqug.ini
2008-12-27 12:58:49 ----D---- C:\Documents and Settings\User\Application Data\Twain
2008-12-27 12:56:24 ----ASH---- C:\WINDOWS\system32\bgwcqcub.ini
2008-12-27 12:53:45 ----A---- C:\WINDOWS\system32\13c46898-.txt
2008-12-27 12:48:55 ----HD---- C:\$AVG8.VAULT$
2008-12-27 08:49:41 ----D---- C:\WINDOWS\system32\WunderPhoto Screensaver dir
2008-12-21 20:08:28 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-12-20 19:19:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-13 14:09:34 ----D---- C:\WINDOWS\Sun
2008-12-11 10:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 09:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 11:57:52 ----D---- C:\Documents and Settings\User\Application Data\Macromedia
2008-12-03 13:09:59 ----D---- C:\Documents and Settings\User\Application Data\Help
2008-12-01 12:44:00 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-12-01 12:24:36 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2008-11-30 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-30 03:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-30 03:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-30 03:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-30 03:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-30 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-30 03:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-30 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-30 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-30 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-30 03:02:55 ----D---- C:\Program Files\MSXML 6.0
2008-11-30 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-30 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-30 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-30 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-30 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-30 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-30 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-30 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-30 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-30 03:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-29 18:39:40 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-29 14:30:41 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2008-11-29 03:03:50 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-29 03:00:29 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-29 03:00:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-29 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-28 16:34:50 ----D---- C:\Program Files\Spyware Doctor
2008-11-28 16:34:50 ----D---- C:\Documents and Settings\User\Application Data\PC Tools
2008-11-28 16:34:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-28 16:33:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-28 16:33:33 ----D---- C:\Program Files\Common Files\Adobe
2008-11-28 16:33:33 ----D---- C:\Program Files\Adobe
2008-11-28 16:31:49 ----D---- C:\Program Files\Mozilla Firefox
2008-11-28 16:31:39 ----D---- C:\temp
2008-11-28 16:31:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-28 16:31:14 ----D---- C:\Program Files\Norton Security Scan
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\px.dll
2008-11-28 16:30:01 ----D---- C:\WINDOWS\system32\runtime
2008-11-28 16:29:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-28 16:29:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-28 16:29:22 ----D---- C:\Program Files\Google
2008-11-28 16:21:10 ----D---- C:\Documents and Settings\User\Application Data\mjusbsp
2008-11-28 16:12:32 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 09:27:11 ----D---- C:\Documents and Settings\User\Application Data\AVS4YOU
2008-10-15 09:27:07 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-15 09:27:03 ----SHD---- C:\RECYCLER
2008-10-14 15:23:34 ----D---- C:\Program Files\Burn4Free
2008-10-14 15:22:44 ----D---- C:\Program Files\OpenOffice.org 2.3
2008-10-14 15:22:09 ----D---- C:\Program Files\Java
2008-10-14 15:22:08 ----D---- C:\Program Files\Common Files\Java
2008-10-14 15:21:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-10-14 15:21:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-14 15:21:30 ----D---- C:\Program Files\AVG
2008-10-14 15:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-14 15:20:54 ----D---- C:\Documents and Settings\User\Application Data\Sun
2008-10-14 15:20:41 ----D---- C:\Program Files\Common Files\AVSMedia
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\mcdvd_32.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2008-10-14 15:20:31 ----D---- C:\Program Files\AVS4YOU
2008-10-14 15:20:31 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-10-14 15:19:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-14 15:19:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 3 months======

2009-01-04 15:40:05 ----D---- C:\WINDOWS\Temp
2009-01-04 15:34:24 ----D---- C:\WINDOWS\system32\drivers
2009-01-04 15:34:24 ----D---- C:\WINDOWS\system32
2009-01-04 15:33:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 15:33:22 ----D---- C:\WINDOWS\Prefetch
2009-01-04 15:27:06 ----RD---- C:\Program Files
2009-01-03 22:15:11 ----D---- C:\WINDOWS
2009-01-03 21:18:07 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-03 20:08:29 ----SHD---- C:\WINDOWS\Installer
2009-01-03 20:02:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 19:10:38 ----SH---- C:\boot.ini
2009-01-02 19:10:38 ----N---- C:\WINDOWS\system.ini
2009-01-02 19:10:38 ----A---- C:\WINDOWS\win.ini
2008-12-27 13:18:36 ----HD---- C:\WINDOWS\inf
2008-12-27 12:48:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-27 12:48:25 ----SD---- C:\WINDOWS\Tasks
2008-12-20 19:19:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-20 19:19:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 11:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 10:00:09 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 09:59:39 ----D---- C:\Program Files\Internet Explorer
2008-12-03 13:09:59 ----D---- C:\WINDOWS\Help
2008-11-30 03:04:21 ----D---- C:\Program Files\Messenger
2008-11-30 03:01:57 ----D---- C:\WINDOWS\WinSxS
2008-11-29 18:42:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-29 16:16:17 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2008-11-29 03:19:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-29 03:03:50 ----D---- C:\WINDOWS\Debug
2008-11-28 16:33:33 ----D---- C:\Program Files\Common Files
2008-11-07 18:32:20 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-10-23 07:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 03:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 04:37:04 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 04:37:04 ----A---- C:\WINDOWS\system32\browseui.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\inseng.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\danim.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 08:00:41 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-14 15:23:06 ----RSD---- C:\WINDOWS\Fonts
2008-10-14 15:20:40 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-03 324872]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-03 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-03 107272]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-28 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-28 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-02 21425]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 298264]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-03 152984]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
S4 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-28 168432]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-28 1079176]
S4 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.05 2009-01-04 15:44:00

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"
Broadcom ASF Management Applications-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\User\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0E0479F8-180F-4054-B4F7-17EE657F90BF}\setup.exe -runfromtemp -l0x0409
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
WunderPhoto Screensaver-->C:\WINDOWS\system32\WunderPhoto Screensaver.scr /u

======Security center information======

AV: AVG Anti-Virus

System event log

Computer Name: USER-FCBCBAD7D9
Event Code: 256
Message: Timed out sending notification of device interface change to window of "IWMSWindow"

Record Number: 1896
Source Name: PlugPlayManager
Time Written: 20081228060050.000000-360
Event Type: warning
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 256
Message: Timed out sending notification of device interface change to window of "IWMSWindow"

Record Number: 1895
Source Name: PlugPlayManager
Time Written: 20081228060050.000000-360
Event Type: warning
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 256
Message: Timed out sending notification of device interface change to window of "IWMSWindow"

Record Number: 1894
Source Name: PlugPlayManager
Time Written: 20081228060050.000000-360
Event Type: warning
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 256
Message: Timed out sending notification of device interface change to window of "IWMSWindow"

Record Number: 1893
Source Name: PlugPlayManager
Time Written: 20081228060050.000000-360
Event Type: warning
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 256
Message: Timed out sending notification of device interface change to window of "IWMSWindow"

Record Number: 1892
Source Name: PlugPlayManager
Time Written: 20081228060050.000000-360
Event Type: warning
User:

Application event log

Computer Name: USER-FCBCBAD7D9
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20080702121634.000000-300
Event Type: information
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20080702121630.000000-300
Event Type: information
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20080702121522.000000-300
Event Type: information
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20080702121451.000000-300
Event Type: information
User:

Computer Name: USER-FCBCBAD7D9
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20080702121450.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#5
fenzodahl512

Posted 04 January 2009 - 10:06 PM

Malware Removal
9,863 posts

Please download the OTMoveIt3 by OldTimer

Save it to your Desktop.
Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..

Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

:processes
explorer.exe

:files
C:\WINDOWS\tasks\hsajwzct.job
C:\WINDOWS\system32\yxkdkwfg.dll
C:\WINDOWS\system32\yeneriho.dll
C:\WINDOWS\system32\satevowa.dll
C:\WINDOWS\system32\nefavega.dll
C:\WINDOWS\system32\orokarur.ini
C:\WINDOWS\system32\iwazetir.ini
C:\WINDOWS\system32\rtdnkqug.ini
C:\Documents and Settings\User\Application Data\Twain
C:\WINDOWS\system32\bgwcqcub.ini
C:\WINDOWS\system32\13c46898-.txt

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18e7ace6]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nohemipola]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYPGVo]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{713f6d9f-485c-11dd-85e0-b9c070adaee2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d06ed8f5-bd99-11dd-bf56-00166f8c33f9}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

#6
diannalcw

Posted 05 January 2009 - 03:25 PM

Member

Topic Starter
Member
12 posts

Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Attached Files

gmer.txt 2.4KB 202 downloads

#7
diannalcw

Posted 05 January 2009 - 03:57 PM

Member

Topic Starter
Member
12 posts

Please download the OTMoveIt3 by OldTimer
Save it to your Desktop.
Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
:processes
explorer.exe

:files
C:\WINDOWS\tasks\hsajwzct.job
C:\WINDOWS\system32\yxkdkwfg.dll
C:\WINDOWS\system32\yeneriho.dll
C:\WINDOWS\system32\satevowa.dll
C:\WINDOWS\system32\nefavega.dll
C:\WINDOWS\system32\orokarur.ini
C:\WINDOWS\system32\iwazetir.ini
C:\WINDOWS\system32\rtdnkqug.ini
C:\Documents and Settings\User\Application Data\Twain
C:\WINDOWS\system32\bgwcqcub.ini
C:\WINDOWS\system32\13c46898-.txt

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18e7ace6]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nohemipola]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYPGVo]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{713f6d9f-485c-11dd-85e0-b9c070adaee2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d06ed8f5-bd99-11dd-bf56-00166f8c33f9}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

OTmoveIt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\tasks\hsajwzct.job moved successfully.
File/Folder C:\WINDOWS\system32\yxkdkwfg.dll not found.
File/Folder C:\WINDOWS\system32\yeneriho.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\satevowa.dll
C:\WINDOWS\system32\satevowa.dll NOT unregistered.
C:\WINDOWS\system32\satevowa.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\nefavega.dll
C:\WINDOWS\system32\nefavega.dll NOT unregistered.
C:\WINDOWS\system32\nefavega.dll moved successfully.
C:\WINDOWS\system32\orokarur.ini moved successfully.
C:\WINDOWS\system32\iwazetir.ini moved successfully.
C:\WINDOWS\system32\rtdnkqug.ini moved successfully.
C:\Documents and Settings\User\Application Data\Twain moved successfully.
C:\WINDOWS\system32\bgwcqcub.ini moved successfully.
C:\WINDOWS\system32\13c46898-.txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18e7ace6\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nohemipola\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJYPGVo\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{713f6d9f-485c-11dd-85e0-b9c070adaee2}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d06ed8f5-bd99-11dd-bf56-00166f8c33f9}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_53y0O2D1pwokJenUcAgV scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_G4dNs77mx8mMbeZoOJ8e scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_G4dNs77mx8mMbeZoOJ8e-journal scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\a1eb68cf-30be-41ef-a230-c4c1ce0fc330.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\d91033e4-3503-42bc-9a4f-75a3e7a11059.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01052009_154309

Files moved on Reboot...
C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe moved successfully.
File C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_53y0O2D1pwokJenUcAgV not found!
File C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_G4dNs77mx8mMbeZoOJ8e not found!
File C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_G4dNs77mx8mMbeZoOJ8e-journal not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\a1eb68cf-30be-41ef-a230-c4c1ce0fc330.tmp moved successfully.
C:\WINDOWS\temp\d91033e4-3503-42bc-9a4f-75a3e7a11059.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_a8.dat not found!
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\d4ng09zv.default\XUL.mfl moved successfully.

RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2009-01-05 15:54:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 31 GB (82%) free of 38 GB
Total RAM: 1015 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:32 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 3616 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for User.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-03 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-03 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-28 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-03 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-03 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-03 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-03 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\User\Application Data\mjusbsp\cdloader2.exe [2008-08-22 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-28 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLANKEEPER"=2
"sdCoreService"=3
"sdAuxService"=2
"gusvc"=2
"BAsfIpM"=2
"avg8wd"=2
"avg8emc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-03 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\User\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG8\avgrsx.exe"="C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"="C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe:*:Enabled:S24EvMon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-01-05 15:43:09 ----D---- C:\_OTMoveIt
2009-01-05 15:04:52 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 15:04:51 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 15:04:50 ----RA---- C:\WINDOWS\gmer.exe
2009-01-05 15:04:50 ----A---- C:\WINDOWS\gmer.dll
2009-01-04 15:43:46 ----D---- C:\rsit
2009-01-04 14:59:16 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-01-04 14:59:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-04 14:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-03 22:16:28 ----D---- C:\Documents and Settings\User\Application Data\AVGTOOLBAR
2009-01-03 21:56:54 ----D---- C:\WINDOWS\Internet Logs
2009-01-03 20:08:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-03 20:08:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-03 20:08:00 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-03 20:08:00 ----A---- C:\WINDOWS\system32\java.exe
2009-01-02 19:09:26 ----D---- C:\WINDOWS\pss
2009-01-02 17:43:44 ----D---- C:\Program Files\Trend Micro
2009-01-02 15:55:30 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-27 12:48:55 ----HD---- C:\$AVG8.VAULT$
2008-12-27 08:49:41 ----D---- C:\WINDOWS\system32\WunderPhoto Screensaver dir
2008-12-21 20:08:28 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-12-20 19:19:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-13 14:09:34 ----D---- C:\WINDOWS\Sun
2008-12-11 10:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 09:59:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 09:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 09:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 09:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 11:57:52 ----D---- C:\Documents and Settings\User\Application Data\Macromedia
2008-12-03 13:09:59 ----D---- C:\Documents and Settings\User\Application Data\Help
2008-12-01 12:44:00 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-12-01 12:24:36 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2008-11-30 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-30 03:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-30 03:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-30 03:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-30 03:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-30 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-30 03:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-30 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-30 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-30 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-30 03:02:55 ----D---- C:\Program Files\MSXML 6.0
2008-11-30 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-30 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-30 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-30 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-30 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-30 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-30 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-30 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-30 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-30 03:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-29 18:39:40 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-29 14:30:41 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2008-11-29 03:03:50 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-29 03:00:29 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-29 03:00:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-29 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-28 16:34:50 ----D---- C:\Program Files\Spyware Doctor
2008-11-28 16:34:50 ----D---- C:\Documents and Settings\User\Application Data\PC Tools
2008-11-28 16:34:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-28 16:33:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-28 16:33:33 ----D---- C:\Program Files\Common Files\Adobe
2008-11-28 16:33:33 ----D---- C:\Program Files\Adobe
2008-11-28 16:31:49 ----D---- C:\Program Files\Mozilla Firefox
2008-11-28 16:31:39 ----D---- C:\temp
2008-11-28 16:31:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-28 16:31:14 ----D---- C:\Program Files\Norton Security Scan
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-11-28 16:30:45 ----A---- C:\WINDOWS\system32\px.dll
2008-11-28 16:30:01 ----D---- C:\WINDOWS\system32\runtime
2008-11-28 16:29:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-28 16:29:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-28 16:29:22 ----D---- C:\Program Files\Google
2008-11-28 16:21:10 ----D---- C:\Documents and Settings\User\Application Data\mjusbsp
2008-11-28 16:12:32 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 09:27:11 ----D---- C:\Documents and Settings\User\Application Data\AVS4YOU
2008-10-15 09:27:07 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-15 09:27:03 ----SHD---- C:\RECYCLER
2008-10-14 15:23:34 ----D---- C:\Program Files\Burn4Free
2008-10-14 15:22:44 ----D---- C:\Program Files\OpenOffice.org 2.3
2008-10-14 15:22:09 ----D---- C:\Program Files\Java
2008-10-14 15:22:08 ----D---- C:\Program Files\Common Files\Java
2008-10-14 15:21:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2008-10-14 15:21:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-14 15:21:30 ----D---- C:\Program Files\AVG
2008-10-14 15:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-14 15:20:54 ----D---- C:\Documents and Settings\User\Application Data\Sun
2008-10-14 15:20:41 ----D---- C:\Program Files\Common Files\AVSMedia
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\mcdvd_32.dll
2008-10-14 15:20:33 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-10-14 15:20:32 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2008-10-14 15:20:31 ----D---- C:\Program Files\AVS4YOU
2008-10-14 15:20:31 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-10-14 15:19:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-14 15:19:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 3 months======

2009-01-05 15:52:40 ----D---- C:\WINDOWS\Temp
2009-01-05 15:48:39 ----D---- C:\WINDOWS\Prefetch
2009-01-05 15:46:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 15:44:46 ----D---- C:\WINDOWS\system32
2009-01-05 15:43:09 ----SD---- C:\WINDOWS\Tasks
2009-01-05 15:04:52 ----D---- C:\WINDOWS
2009-01-05 15:04:51 ----D---- C:\WINDOWS\system32\drivers
2009-01-04 15:27:06 ----RD---- C:\Program Files
2009-01-03 21:18:07 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-03 20:08:29 ----SHD---- C:\WINDOWS\Installer
2009-01-03 20:02:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 19:10:38 ----SH---- C:\boot.ini
2009-01-02 19:10:38 ----N---- C:\WINDOWS\system.ini
2009-01-02 19:10:38 ----A---- C:\WINDOWS\win.ini
2008-12-27 13:18:36 ----HD---- C:\WINDOWS\inf
2008-12-27 12:48:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-20 19:19:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-20 19:19:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 11:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 10:00:09 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 09:59:39 ----D---- C:\Program Files\Internet Explorer
2008-12-03 13:09:59 ----D---- C:\WINDOWS\Help
2008-11-30 03:04:21 ----D---- C:\Program Files\Messenger
2008-11-30 03:01:57 ----D---- C:\WINDOWS\WinSxS
2008-11-29 18:42:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-29 16:16:17 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2008-11-29 03:19:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-29 03:03:50 ----D---- C:\WINDOWS\Debug
2008-11-28 16:33:33 ----D---- C:\Program Files\Common Files
2008-11-07 18:32:20 ----A---- C:\WINDOWS\system32\WMVCore.dll
2008-10-23 07:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 03:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 04:37:04 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 04:37:04 ----A---- C:\WINDOWS\system32\browseui.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 04:37:03 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\inseng.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\danim.dll
2008-10-16 04:37:02 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 08:00:41 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-14 15:23:06 ----RSD---- C:\WINDOWS\Fonts
2008-10-14 15:20:40 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-03 324872]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-03 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-03 107272]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-28 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-28 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-02 21425]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 298264]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-03 152984]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
S4 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-28 168432]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-28 1079176]
S4 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]

-----------------EOF-----------------

Thank you!

#8
fenzodahl512

Posted 05 January 2009 - 09:02 PM

Malware Removal
9,863 posts

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nohemipola] Rundll32.exe "C:\WINDOWS\system32\yeneriho.dll",s (User 'NETWORK SERVICE')

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

NEXT

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Post these logs in your next reply..

1. Malwarebytes'
2. ESET Online Scanner
3. Tell me, how is the computer now?

#9
diannalcw

Posted 06 January 2009 - 02:43 PM

Member

Topic Starter
Member
12 posts

Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 2

1/6/2009 2:39:51 PM
mbam-log-2009-01-06 (14-39-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 62970
Time elapsed: 15 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
diannalcw

Posted 06 January 2009 - 03:28 PM

Member

Topic Starter
Member
12 posts

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3744 (20090106)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=191abd3ec6ff6241bf5b0fa33862f1dd
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-06 09:23:45
# local_time=2009-01-06 03:23:45 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=211337
# found=0
# scan_time=1023

#11
diannalcw

Posted 06 January 2009 - 03:33 PM

Member

Topic Starter
Member
12 posts

Thank you so much for all of your help. I am going to click on your donate button.

Best!

Dianna

#12
fenzodahl512

Posted 06 January 2009 - 11:08 PM

Malware Removal
9,863 posts

Thank you

Now, lets do some cleanup..

Please download OTCleanIt and save it to Desktop.

Make sure you have internet connection..
Double-click OTCleanIt.exe
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread

Have a safe and happy computing day!

Regards
fenzodahl512

#13
diannalcw

Posted 08 January 2009 - 09:50 PM

Member

Topic Starter
Member
12 posts

Thank you

Now, lets do some cleanup..

Please download OTCleanIt and save it to Desktop.
Make sure you have internet connection..
Double-click OTCleanIt.exe
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread

Have a safe and happy computing day!

Regards
fenzodahl512

#14
diannalcw

Posted 08 January 2009 - 09:52 PM

Member

Topic Starter
Member
12 posts

The computer is working great! I don't notice anything at all wrong with it!

Thank you!!!!!!!

#15
fenzodahl512

Posted 09 January 2009 - 06:34 AM

Malware Removal
9,863 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.