#1
| Ok so I run Malwarebytes, which is excellent in my opinion. But it has detected TROJAN.VUNDO.H for about 2 months now. I can't get rid of it! So I found this post; I have almost the same problem as this guy: http://www.computer-juice.com/forums...vundo-h-19720/ So I assume I should take the same steps as him and post my results. Thank you if you are reading this :) |
|
#2
| Ok, looks like I am not allowed to attach a TXT file, so here are the 2 logs, Malwarebytes and HijackThis logs: |
|
#3
| Everything in the MBAM log says No action taken. It doesn't do any good unless you let it fix what it finds. |
|
#4
| Wow that was dumb of me. Oh and a side note, these infections always come back even if it says it was deleted. Here ya go: |
|
#5
| Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
|
|
#6
| Thank you for the response :) Here are the logs:
----A---- C:\WINDOWS\system32\HPZinw12.exe 2009-01-18 16:43:13 ----D---- C:\Program Files\HP 2009-01-18 16:43:13 ----A---- C:\WINDOWS\system32\HPZidr12.dll 2009-01-18 16:43:09 ----A---- C:\WINDOWS\IsUninst.exe 2009-01-18 16:41:15 ----D---- C:\Program Files\Hewlett-Packard 2009-01-12 19:56:09 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll 2009-01-12 19:56:04 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll 2009-01-12 19:55:34 ----D---- C:\WINDOWS\system32\RsFx 2009-01-12 19:54:56 ----D---- C:\Program Files\MSXML 6.0 2009-01-12 19:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$ 2009-01-12 19:50:20 ----D---- C:\Program Files\Microsoft SQL Server 2009-01-12 19:50:15 ----D---- C:\Program Files\Microsoft Synchronization Services 2009-01-12 19:50:15 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2009-01-12 19:48:21 ----D---- C:\Program Files\Microsoft Visual Studio 9.0 2009-01-12 19:48:03 ----D---- C:\Program Files\Microsoft SDKs 2009-01-12 19:46:27 ----D---- C:\c08128ae44b12d3c3b 2009-01-07 00:15:27 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-06 23:54:24 ----HD---- C:\$AVG8.VAULT$ 2009-01-06 23:50:33 ----D---- C:\Program Files\AVG 2009-01-06 23:50:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2009-01-06 23:39:05 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-06 23:39:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-31 01:22:42 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-12-31 01:22:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-31 01:22:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-12-31 00:37:25 ----A---- C:\WINDOWS\system32\ab72c757-.txt 2008-12-11 04:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-11 04:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-11 04:00:45 ----HDC---- 
C:\WINDOWS\$NtUninstallKB954600$ 2008-12-11 04:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ ======List of files/folders modified in the last 3 months====== 2009-03-09 14:20:17 ----D---- C:\WINDOWS\Prefetch 2009-03-09 14:17:05 ----D---- C:\WINDOWS\Temp 2009-03-09 14:16:43 ----D---- C:\WINDOWS\system32 2009-03-09 13:41:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-03-08 21:18:18 ----D---- C:\WINDOWS\system32\drivers 2009-03-08 21:18:18 ----D---- C:\WINDOWS 2009-03-08 19:28:47 ----RD---- C:\Program Files 2009-03-08 19:27:30 ----D---- C:\Program Files\Mozilla Firefox 2009-03-03 18:23:06 ----D---- C:\Program Files\World of Warcraft 2009-02-27 15:08:02 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-26 20:44:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-26 04:00:20 ----SHD---- C:\WINDOWS\Installer 2009-02-26 04:00:18 ----D---- C:\Program Files\Microsoft Silverlight 2009-02-25 15:28:57 ----D---- C:\Documents and Settings\Owner\Application Data\U3 2009-02-25 04:00:37 ----HD---- C:\WINDOWS\inf 2009-02-25 04:00:36 ----D---- C:\WINDOWS\system32\CatRoot 2009-02-25 04:00:30 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-25 04:00:24 ----A---- C:\WINDOWS\imsins.BAK 2009-02-24 17:09:03 ----HD---- C:\WINDOWS\$hf_mig$ 2009-02-23 13:04:29 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire 2009-02-23 12:54:15 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent 2009-02-14 19:30:54 ----SHD---- C:\RECYCLER 2009-02-11 04:09:33 ----D---- C:\Program Files\Internet Explorer 2009-02-11 04:08:19 ----D---- C:\Program Files\Google 2009-02-11 04:01:14 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-02-08 01:18:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2009-01-31 04:07:56 ----D---- C:\WINDOWS\security 2009-01-31 04:01:54 ----D---- C:\WINDOWS\WinSxS 2009-01-31 00:50:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-31 00:44:50 ----A---- 
C:\WINDOWS\system32\javaws.exe 2009-01-31 00:44:50 ----A---- C:\WINDOWS\system32\javaw.exe 2009-01-31 00:44:50 ----A---- C:\WINDOWS\system32\java.exe 2009-01-31 00:44:47 ----D---- C:\Program Files\Java 2009-01-30 23:54:18 ----RSH---- C:\boot.ini 2009-01-30 23:54:18 ----A---- C:\WINDOWS\win.ini 2009-01-30 23:54:18 ----A---- C:\WINDOWS\system.ini 2009-01-18 16:44:42 ----SD---- C:\WINDOWS\Tasks 2009-01-18 16:44:36 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft 2009-01-16 22:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-01-15 18:20:06 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla 2009-01-12 20:17:25 ----D---- C:\WINDOWS\Microsoft.NET 2009-01-12 20:17:23 ----RSD---- C:\WINDOWS\assembly 2009-01-12 19:55:02 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-01-12 19:54:54 ----D---- C:\WINDOWS\system32\1033 2009-01-12 19:54:47 ----D---- C:\Program Files\Microsoft.NET 2009-01-12 19:50:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-01-12 19:47:08 ----D---- C:\WINDOWS\system32\XPSViewer 2009-01-12 19:47:07 ----D---- C:\WINDOWS\system32\en-US 2009-01-12 19:47:04 ----RSD---- C:\WINDOWS\Fonts 2009-01-07 00:15:40 ----D---- C:\Documents and Settings 2009-01-01 02:58:53 ----D---- C:\WINDOWS\system32\LogFiles 2008-12-27 12:49:04 ----D---- C:\Program Files\Windows Live 2008-12-20 17:15:41 ----A---- C:\WINDOWS\system32\wininet.dll 2008-12-20 17:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll 2008-12-20 17:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll 2008-12-20 17:15:39 ----A---- C:\WINDOWS\system32\url.dll 2008-12-20 17:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll 2008-12-20 17:15:38 ----A---- C:\WINDOWS\system32\occache.dll 2008-12-20 17:15:32 ----A---- C:\WINDOWS\system32\mstime.dll 2008-12-20 17:15:31 ----A---- C:\WINDOWS\system32\msrating.dll 2008-12-20 17:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll 2008-12-20 17:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2008-12-20 
17:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll 2008-12-20 17:15:23 ----A---- C:\WINDOWS\system32\jsproxy.dll 2008-12-20 17:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll 2008-12-20 17:15:21 ----A---- C:\WINDOWS\system32\iernonce.dll 2008-12-20 17:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll 2008-12-20 17:15:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2008-12-20 17:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll 2008-12-20 17:15:14 ----A---- C:\WINDOWS\system32\ieaksie.dll 2008-12-20 17:15:14 ----A---- C:\WINDOWS\system32\ieakeng.dll 2008-12-20 17:15:13 ----A---- C:\WINDOWS\system32\icardie.dll 2008-12-20 17:15:13 ----A---- C:\WINDOWS\system32\extmgr.dll 2008-12-20 17:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll 2008-12-20 17:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll 2008-12-20 17:15:11 ----A---- C:\WINDOWS\system32\advpack.dll 2008-12-19 03:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe 2008-12-19 03:10:15 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2008-12-18 23:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-01-18 43672] R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-31 325128] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-31 27656] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856] R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] R3 HidUsb;Microsoft HID Class Driver; 
C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056] R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaqfbksrhx.sys [] S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-17 51088] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-17 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-17 21744] S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass 
Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-09 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-31 152984] R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-02-12 537520] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-12 66872] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032] R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 aspnet_state;ASP.NET State Service; 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688] S4 SQLBrowser;SQL Server Browser; c:\Program
Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072] -----------------EOF----------------- |
|
#7
| |||
| |||
| 2nd file, info.txt info.txt logfile of random's system information tool 1.05 2009-03-09 14:20:49 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall 
{FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Actiontec Gateway/Router-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4D490D0-CF24-47AB-B8B3-BE19366D80C8}\setup.exe" -l0x9 Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} AutoIt v3.2.12.1-->C:\Program Files\AutoIt3\Uninstall.exe AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation
Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409 DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" HP Memories Disc-->MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302} HP Software Update-->MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} KeyMaestro Input Device Driver V2.0.W-127AC MUL-->C:\WINDOWS\system32\KmRemove.exe Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe LimeWire 4.18.5-->"C:\Program Files\LimeWire\uninstall.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft
Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft
Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8} Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83} Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A} Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E} Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5} Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F} Microsoft SQL Server Compact 
3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237} Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe" Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition with SP1 - ENU\setup.exe Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{A4418082-E601-3954-805B-D56A2B50EC8B} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918} Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D} Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B} Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe" Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package
{91120000-002E-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows 
Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\ spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\s puninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spunin st.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe" Security Update for Windows XP 
(KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spunin st.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spunin st.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spunin st.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7} SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall 
{4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2} Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spunin st.exe" Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B 6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB 7011ED0B6015B626D07F1EEF7\amdk8.inf Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst. 
exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF} Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3} Zune-->c:\Program Files\Zune\ZuneSetup.exe /x Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2} ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: AVG Anti-Virus Free System event log Computer Name: MATT-298F8A5215 Event Code: 18 Message: Installation Ready: The following updates are downloaded and ready for installation. 
This computer is currently scheduled to install these updates on Sunday, November 02, 2008 at 3:00 AM: - Security Update for the 2007 Microsoft Office System (KB936514) - Security Update for Microsoft Office system 2007 (KB951808) - Security Update for Microsoft Office Excel 2007 (KB955470) - Update for Office 2007 (KB934393) - Security Update for Microsoft Office OneNote 2007 (KB950130) - Security Update for Microsoft Office PowerPoint 2007 (KB951338) - Security Update for 2007 Microsoft Office System (KB955936) - Security Update for Microsoft Office Publisher 2007 (KB950114) - Security Update for the 2007 Microsoft Office System (KB951944) - Security Update for Microsoft Office Word 2007 (KB950113) - Security Update for Microsoft Office Outlook 2007 (KB946983) - Security Update for the 2007 Microsoft Office System (KB954326) - Update for Office 2007 (KB934391) Record Number: 6034 Source Name: Windows Update Agent Time Written: 20081101210004.000000-420 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 18 Message: Installation Ready: The following updates are downloaded and ready for installation. 
This computer is currently scheduled to install these updates on Sunday, November 02, 2008 at 3:00 AM: - Security Update for the 2007 Microsoft Office System (KB936514) - Security Update for Microsoft Office system 2007 (KB951808) - Security Update for Microsoft Office Excel 2007 (KB955470) - Update for Office 2007 (KB934393) - Security Update for Microsoft Office OneNote 2007 (KB950130) - Security Update for Microsoft Office PowerPoint 2007 (KB951338) - Security Update for 2007 Microsoft Office System (KB955936) - Security Update for Microsoft Office Publisher 2007 (KB950114) - Security Update for the 2007 Microsoft Office System (KB951944) - Security Update for Microsoft Office Word 2007 (KB950113) - Security Update for Microsoft Office Outlook 2007 (KB946983) - Security Update for the 2007 Microsoft Office System (KB954326) Record Number: 6033 Source Name: Windows Update Agent Time Written: 20081101205959.000000-420 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 18 Message: Installation Ready: The following updates are downloaded and ready for installation. 
This computer is currently scheduled to install these updates on Sunday, November 02, 2008 at 3:00 AM: - Security Update for the 2007 Microsoft Office System (KB936514) - Security Update for Microsoft Office system 2007 (KB951808) - Security Update for Microsoft Office Excel 2007 (KB955470) - Update for Office 2007 (KB934393) - Security Update for Microsoft Office OneNote 2007 (KB950130) - Security Update for Microsoft Office PowerPoint 2007 (KB951338) - Security Update for 2007 Microsoft Office System (KB955936) - Security Update for Microsoft Office Publisher 2007 (KB950114) - Security Update for the 2007 Microsoft Office System (KB951944) - Security Update for Microsoft Office Word 2007 (KB950113) - Security Update for Microsoft Office Outlook 2007 (KB946983) Record Number: 6032 Source Name: Windows Update Agent Time Written: 20081101205959.000000-420 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 18 Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Sunday, November 02, 2008 at 3:00 AM: - Security Update for the 2007 Microsoft Office System (KB936514) - Security Update for Microsoft Office system 2007 (KB951808) - Security Update for Microsoft Office Excel 2007 (KB955470) - Update for Office 2007 (KB934393) - Security Update for Microsoft Office OneNote 2007 (KB950130) - Security Update for Microsoft Office PowerPoint 2007 (KB951338) - Security Update for 2007 Microsoft Office System (KB955936) - Security Update for Microsoft Office Publisher 2007 (KB950114) - Security Update for the 2007 Microsoft Office System (KB951944) - Security Update for Microsoft Office Word 2007 (KB950113) Record Number: 6031 Source Name: Windows Update Agent Time Written: 20081101205950.000000-420 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 7036 Message: The Windows Installer service entered the stopped state. 
Record Number: 6030 Source Name: Service Control Manager Time Written: 20081101205942.000000-420 Event Type: information User: Application event log Computer Name: MATT-298F8A5215 Event Code: 0 Message: Record Number: 457 Source Name: gusvc Time Written: 20080818101236.000000-360 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 1800 Message: The Windows Security Center Service has started. Record Number: 456 Source Name: SecurityCenter Time Written: 20080817183347.000000-360 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 0 Message: Record Number: 455 Source Name: gusvc Time Written: 20080817183346.000000-360 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 4097 Message: The application, C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.e xe, generated an application error The error occurred on 08/15/2008 @ 11:48:46.218 The exception generated was c0000005 at address 00413846 (pol) Record Number: 454 Source Name: DrWatson Time Written: 20080815114846.000000-360 Event Type: information User: Computer Name: MATT-298F8A5215 Event Code: 1000 Message: Faulting application pol.exe, version 1.18.7.0, faulting module pol.exe, version 1.18.7.0, fault address 0x00013846. Record Number: 453 Source Name: Application Error Time Written: 20080815114843.000000-360 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. 
WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip -----------------EOF----------------- |
|
#8
| |||
| |||
| Sorry it didn't post my first message. Anyway here is the log.txt. And THANK you for replying, I want to get rid of this asap :) Logfile of random's system information tool 1.05 (written by random/random) Run by Owner at 2009-03-09 14:20:29 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 40 GB (26%) free of 153 GB Total RAM: 3070 MB (73% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:20:47 PM, on 3/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxddcoms.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Zune\ZuneLauncher.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\HPZipm12.exe c:\Program 
Files\Zune\zune.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Owner\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Owner.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: (no name) - {cfad96da-2132-40f8-b075-f7f77213274e} - C:\WINDOWS\system32\hoviwifo.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] 
SOUNDMAN.EXE O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtim e.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [wusimeyuti] Rundll32.exe "C:\WINDOWS\system32\nenanizo.dll",s O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [wusimeyuti] Rundll32.exe "C:\WINDOWS\system32\nenanizo.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.antimalwareguard.com O15 - Trusted Zone: *.gomyhit.com O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O15 - Trusted Zone: *.gomyhit.com (HKLM) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus...es/ax/stub.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: qenvsr.dll,C:\WINDOWS\system32\topahola.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8361 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\ggogpupo.job C:\WINDOWS\tasks\HP Usg Daily.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-31 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-08 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll [2009-02-11 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary 
Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-08 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{cfad96da-2132-40f8-b075-f7f77213274e}] C:\WINDOWS\system32\hoviwifo.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-31 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-31 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-08 251504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088] "nwiz"=nwiz.exe /install [] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "BtcMaestro"=C:\Program Files\KMaestro\KMaestro.exe [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-31 136600] "Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\ 3\hpztsb09.exe [2004-05-04 176128] "HPHUPD05"=C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2004-03-31 49152] "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2003-12-05 49152] "HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2004-05-04 491520] "LXDDCATS"=rundll32 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtim e.dll [] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "wusimeyuti"=C:\WINDOWS\system32\nenanizo.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 1273488] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2008-05-17 68856] "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-02-05 20480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-02-12 291760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLS"="qenvsr.dll,C:\WINDOWS\system32\top ahola.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-01-31 10520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa] "notification packages"=scecli C:\WINDOWS\system32\topahola.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Actiontec\BroadBand\gwconfig.exe"="C:\Progra m Files\Actiontec\BroadBand\gwconfig.exe:*:Enabled:m onitor" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Wyzo\wyzo.exe"="C:\Program Files\Wyzo\wyzo.exe:*:Enabled:Wyzo" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" 
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Pr ogram Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabl ed:LaunchPad" "C:\Documents and Settings\Owner\Desktop\wowclient-downloader(2).exe"="C:\Documents and Settings\Owner\Desktop\wowclient-downloader(2).exe:*:Enabled:Blizzard Downloader" "C:\Documents and Settings\Owner\Desktop\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\Documents and Settings\Owner\Desktop\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.e xe"="C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.e xe:*:Enabled:PlayOnline Viewer" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\sys tem32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\sys tem32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\syst em32\logonui.exe:*:Enabled:LogonUI" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - 3de9d780\Launcher.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard 
Launcher Temporary - 3de9d780\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\sys tem32\lxddcoms.exe:*:Enabled:2500 Series Server" "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled: " "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Disabled:Device Monitor Appliaction" "C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - ad59ac20\Launcher.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\Blizzard Launcher Temporary - ad59ac20\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe :*:Enabled:Explorer" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\app4r.exe:*:Enabled:BorgListener" ======List of files/folders created in the last 3 months====== 2009-03-09 14:20:29 ----D---- C:\rsit 2009-03-09 01:10:06 ----SH---- C:\WINDOWS\system32\vamomino.dll 2009-03-09 01:09:44 ----SH---- C:\WINDOWS\system32\nayuvaku.dll 2009-03-09 01:09:43 ----SH---- C:\WINDOWS\system32\nagohuwo.dll 2009-03-08 21:18:18 ----A---- C:\WINDOWS\ndlxebb.txt 2009-03-08 19:28:47 
----D---- C:\Program Files\Trend Micro 2009-03-08 13:10:00 ----SH---- C:\WINDOWS\system32\taviduwa.dll 2009-03-08 13:09:39 ----SH---- C:\WINDOWS\system32\zenufiwu.dll 2009-03-08 13:09:39 ----SH---- C:\WINDOWS\system32\reteleza.dll 2009-02-25 04:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-02-25 04:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-11 04:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-01-31 04:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-01-31 04:01:52 ----D---- C:\Program Files\MSXML 4.0 2009-01-31 00:45:01 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-01-31 00:36:57 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-01-30 23:41:56 ----D---- C:\WINDOWS\pss 2009-01-30 23:36:22 ----D---- C:\Program Files\Lx_cats 2009-01-30 23:35:37 ----A---- C:\WINDOWS\system32\lxddvs.dll 2009-01-30 23:35:32 ----A---- C:\WINDOWS\system32\lxddcoin.dll 2009-01-30 23:34:46 ----A---- C:\WINDOWS\system32\wiafbdrv.dll 2009-01-30 23:34:42 ----A---- C:\WINDOWS\system32\lxddcaps.dll 2009-01-30 23:34:41 ----A---- C:\WINDOWS\system32\lxdddrs.dll 2009-01-30 23:34:41 ----A---- C:\WINDOWS\system32\lxddcnv4.dll 2009-01-30 23:33:43 ----A---- C:\WINDOWS\system32\LXF3PMRC.DLL 2009-01-30 23:33:43 ----A---- C:\WINDOWS\system32\IMHOST32.DLL 2009-01-30 23:33:43 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL 2009-01-30 23:33:33 ----D---- C:\Documents and Settings\All Users\Application Data\FaxCtr 2009-01-30 23:31:45 ----D---- C:\Program Files\Lexmark Fax Solutions 2009-01-30 23:31:35 ----A---- C:\WINDOWS\system32\lxddrwrd.ini 2009-01-30 23:31:08 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint 2009-01-30 23:29:37 ----D---- C:\Program Files\Lexmark 2500 Series 2009-01-30 23:29:26 ----A---- C:\WINDOWS\system32\lxddutil.dll 2009-01-30 23:29:26 ----A---- C:\WINDOWS\system32\LXDDinst.dll 2009-01-30 23:29:26 ----A---- C:\WINDOWS\system32\lxddinpa.dll 2009-01-30 23:29:26 ----A---- C:\WINDOWS\system32\lxddiesc.dll 2009-01-30 23:29:26 ----A---- 
C:\WINDOWS\system32\LXDDhcp.dll 2009-01-30 23:29:25 ----A---- C:\WINDOWS\system32\lxddusb1.dll 2009-01-30 23:29:25 ----A---- C:\WINDOWS\system32\lxddserv.dll 2009-01-30 23:29:25 ----A---- C:\WINDOWS\system32\lxddprox.dll 2009-01-30 23:29:25 ----A---- C:\WINDOWS\system32\lxddpplc.dll 2009-01-30 23:29:25 ----A---- C:\WINDOWS\system32\lxddpmui.dll 2009-01-30 23:29:24 ----A---- C:\WINDOWS\system32\lxddlmpm.dll 2009-01-30 23:29:24 ----A---- C:\WINDOWS\system32\lxddjswr.dll 2009-01-30 23:29:24 ----A---- C:\WINDOWS\system32\lxddinsr.dll 2009-01-30 23:29:24 ----A---- C:\WINDOWS\system32\lxddinsb.dll 2009-01-30 23:29:24 ----A---- C:\WINDOWS\system32\lxddins.dll 2009-01-30 23:29:24 ----A---- C:\WINDOWS\system32\lxddih.exe 2009-01-30 23:29:24 ----A---- C:\WINDOWS\system32\lxddhbn3.dll 2009-01-30 23:29:23 ----A---- C:\WINDOWS\system32\lxddgrd.dll 2009-01-30 23:29:23 ----A---- C:\WINDOWS\system32\lxddgf.dll 2009-01-30 23:29:23 ----A---- C:\WINDOWS\system32\lxddcur.dll 2009-01-30 23:29:23 ----A---- C:\WINDOWS\system32\lxddcub.dll 2009-01-30 23:29:22 ----A---- C:\WINDOWS\system32\lxddcu.dll 2009-01-30 23:29:21 ----A---- C:\WINDOWS\system32\lxddcoms.exe 2009-01-30 23:29:21 ----A---- C:\WINDOWS\system32\lxddcomm.dll 2009-01-30 23:29:21 ----A---- C:\WINDOWS\system32\lxddcomc.dll 2009-01-30 23:29:21 ----A---- C:\WINDOWS\system32\lxddcfg.exe 2009-01-30 23:29:20 ----A---- C:\WINDOWS\system32\lxddcfg.dll 2009-01-18 16:44:31 ----RA---- C:\WINDOWS\system32\MSXML4r.dll 2009-01-18 16:44:31 ----RA---- C:\WINDOWS\system32\MSXML4a.dll 2009-01-18 16:44:31 ----RA---- C:\WINDOWS\system32\hpvcr70.dll 2009-01-18 16:44:31 ----RA---- C:\WINDOWS\system32\hpvcp70.dll 2009-01-18 16:44:31 ----RA---- C:\WINDOWS\system32\hpvaut32.dll 2009-01-18 16:43:14 ----A---- C:\WINDOWS\system32\HPZisn12.dll 2009-01-18 16:43:14 ----A---- C:\WINDOWS\system32\HPZipt12.dll 2009-01-18 16:43:14 ----A---- C:\WINDOWS\system32\HPZipr12.dll 2009-01-18 16:43:14 ----A---- C:\WINDOWS\system32\HPZipm12.exe 2009-01-18 16:43:14 
----A---- C:\WINDOWS\system32\HPZinw12.exe 2009-01-18 16:43:13 ----D---- C:\Program Files\HP 2009-01-18 16:43:13 ----A---- C:\WINDOWS\system32\HPZidr12.dll 2009-01-18 16:43:09 ----A---- C:\WINDOWS\IsUninst.exe 2009-01-18 16:41:15 ----D---- C:\Program Files\Hewlett-Packard 2009-01-12 19:56:09 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll 2009-01-12 19:56:04 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll 2009-01-12 19:55:34 ----D---- C:\WINDOWS\system32\RsFx 2009-01-12 19:54:56 ----D---- C:\Program Files\MSXML 6.0 2009-01-12 19:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$ 2009-01-12 19:50:20 ----D---- C:\Program Files\Microsoft SQL Server 2009-01-12 19:50:15 ----D---- C:\Program Files\Microsoft Synchronization Services 2009-01-12 19:50:15 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2009-01-12 19:48:21 ----D---- C:\Program Files\Microsoft Visual Studio 9.0 2009-01-12 19:48:03 ----D---- C:\Program Files\Microsoft SDKs 2009-01-12 19:46:27 ----D---- C:\c08128ae44b12d3c3b 2009-01-07 00:15:27 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-06 23:54:24 ----HD---- C:\$AVG8.VAULT$ 2009-01-06 23:50:33 ----D---- C:\Program Files\AVG 2009-01-06 23:50:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2009-01-06 23:39:05 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-01-06 23:39:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-31 01:22:42 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-12-31 01:22:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-31 01:22:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-12-31 00:37:25 ----A---- C:\WINDOWS\system32\ab72c757-.txt 2008-12-11 04:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-11 04:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-11 04:00:45 ----HDC---- 
C:\WINDOWS\$NtUninstallKB954600$ 2008-12-11 04:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ ======List of files/folders modified in the last 3 months====== 2009-03-09 14:20:17 ----D---- C:\WINDOWS\Prefetch 2009-03-09 14:17:05 ----D---- C:\WINDOWS\Temp 2009-03-09 14:16:43 ----D---- C:\WINDOWS\system32 2009-03-09 13:41:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-03-08 21:18:18 ----D---- C:\WINDOWS\system32\drivers 2009-03-08 21:18:18 ----D---- C:\WINDOWS 2009-03-08 19:28:47 ----RD---- C:\Program Files 2009-03-08 19:27:30 ----D---- C:\Program Files\Mozilla Firefox 2009-03-03 18:23:06 ----D---- C:\Program Files\World of Warcraft 2009-02-27 15:08:02 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-26 20:44:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-26 04:00:20 ----SHD---- C:\WINDOWS\Installer 2009-02-26 04:00:18 ----D---- C:\Program Files\Microsoft Silverlight 2009-02-25 15:28:57 ----D---- C:\Documents and Settings\Owner\Application Data\U3 2009-02-25 04:00:37 ----HD---- C:\WINDOWS\inf 2009-02-25 04:00:36 ----D---- C:\WINDOWS\system32\CatRoot 2009-02-25 04:00:30 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-25 04:00:24 ----A---- C:\WINDOWS\imsins.BAK 2009-02-24 17:09:03 ----HD---- C:\WINDOWS\$hf_mig$ 2009-02-23 13:04:29 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire 2009-02-23 12:54:15 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent 2009-02-14 19:30:54 ----SHD---- C:\RECYCLER 2009-02-11 04:09:33 ----D---- C:\Program Files\Internet Explorer 2009-02-11 04:08:19 ----D---- C:\Program Files\Google 2009-02-11 04:01:14 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-02-08 01:18:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2009-01-31 04:07:56 ----D---- C:\WINDOWS\security 2009-01-31 04:01:54 ----D---- C:\WINDOWS\WinSxS 2009-01-31 00:50:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-31 00:44:50 ----A---- 
C:\WINDOWS\system32\javaws.exe 2009-01-31 00:44:50 ----A---- C:\WINDOWS\system32\javaw.exe 2009-01-31 00:44:50 ----A---- C:\WINDOWS\system32\java.exe 2009-01-31 00:44:47 ----D---- C:\Program Files\Java 2009-01-30 23:54:18 ----RSH---- C:\boot.ini 2009-01-30 23:54:18 ----A---- C:\WINDOWS\win.ini 2009-01-30 23:54:18 ----A---- C:\WINDOWS\system.ini 2009-01-18 16:44:42 ----SD---- C:\WINDOWS\Tasks 2009-01-18 16:44:36 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft 2009-01-16 22:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-01-15 18:20:06 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla 2009-01-12 20:17:25 ----D---- C:\WINDOWS\Microsoft.NET 2009-01-12 20:17:23 ----RSD---- C:\WINDOWS\assembly 2009-01-12 19:55:02 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-01-12 19:54:54 ----D---- C:\WINDOWS\system32\1033 2009-01-12 19:54:47 ----D---- C:\Program Files\Microsoft.NET 2009-01-12 19:50:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-01-12 19:47:08 ----D---- C:\WINDOWS\system32\XPSViewer 2009-01-12 19:47:07 ----D---- C:\WINDOWS\system32\en-US 2009-01-12 19:47:04 ----RSD---- C:\WINDOWS\Fonts 2009-01-07 00:15:40 ----D---- C:\Documents and Settings 2009-01-01 02:58:53 ----D---- C:\WINDOWS\system32\LogFiles 2008-12-27 12:49:04 ----D---- C:\Program Files\Windows Live 2008-12-20 17:15:41 ----A---- C:\WINDOWS\system32\wininet.dll 2008-12-20 17:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll 2008-12-20 17:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll 2008-12-20 17:15:39 ----A---- C:\WINDOWS\system32\url.dll 2008-12-20 17:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll 2008-12-20 17:15:38 ----A---- C:\WINDOWS\system32\occache.dll 2008-12-20 17:15:32 ----A---- C:\WINDOWS\system32\mstime.dll 2008-12-20 17:15:31 ----A---- C:\WINDOWS\system32\msrating.dll 2008-12-20 17:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll 2008-12-20 17:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2008-12-20 
17:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll 2008-12-20 17:15:23 ----A---- C:\WINDOWS\system32\jsproxy.dll 2008-12-20 17:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll 2008-12-20 17:15:21 ----A---- C:\WINDOWS\system32\iernonce.dll 2008-12-20 17:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll 2008-12-20 17:15:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2008-12-20 17:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll 2008-12-20 17:15:14 ----A---- C:\WINDOWS\system32\ieaksie.dll 2008-12-20 17:15:14 ----A---- C:\WINDOWS\system32\ieakeng.dll 2008-12-20 17:15:13 ----A---- C:\WINDOWS\system32\icardie.dll 2008-12-20 17:15:13 ----A---- C:\WINDOWS\system32\extmgr.dll 2008-12-20 17:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll 2008-12-20 17:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll 2008-12-20 17:15:11 ----A---- C:\WINDOWS\system32\advpack.dll 2008-12-19 03:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe 2008-12-19 03:10:15 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2008-12-18 23:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-01-18 43672] R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-31 325128] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-31 27656] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856] R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] R3 HidUsb;Microsoft HID Class Driver; 
C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056] R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekaqfbksrhx.sys [] S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-17 51088] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-17 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-17 21744] S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass 
Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-09 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-31 152984] R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-02-12 537520] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-12 66872] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032] R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 aspnet_state;ASP.NET State Service; 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688] S4 SQLBrowser;SQL Server Browser; c:\Program 
Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072] -----------------EOF----------------- |
|
#9
| |||
| |||
| Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)

Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.

----------

Go to Start > Run and type notepad.exe then click OK.
Copy and paste the below into Notepad and save as fixme.reg to your Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfad96da-2132-40f8-b075-f7f77213274e}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wusimeyuti"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

Delete the fixme.reg from the Desktop.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix |
|
#10
| |||
| |||
| Ok I followed all the instructions. Here is log : ComboFix 09-03-06.02 - Owner 2009-03-09 16:15:39.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2402 [GMT -6:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Possible infected sites ----- hxxp://82.98.235.205 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_seneka ((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 ))))))))))))))))))))))))))))))) . 2009-03-09 14:20 . 2009-03-09 14:20 <DIR> d-------- C:\rsit 2009-03-09 01:10 . 2009-03-09 01:10 2,713 ---hs---- c:\windows\system32\vamomino.dll 2009-03-09 01:09 . 2009-03-09 01:09 5,183 ---hs---- c:\windows\system32\nayuvaku.dll 2009-03-09 01:09 . 2009-03-09 01:09 5,183 ---hs---- c:\windows\system32\nagohuwo.dll 2009-03-08 19:28 . 2009-03-08 19:28 <DIR> d-------- c:\program files\Trend Micro 2009-03-08 13:10 . 2009-03-08 13:10 2,713 ---hs---- c:\windows\system32\taviduwa.dll 2009-03-08 13:09 . 2009-03-08 13:09 5,183 ---hs---- c:\windows\system32\zenufiwu.dll 2009-03-08 13:09 . 2009-03-08 13:09 5,183 ---hs---- c:\windows\system32\reteleza.dll 2009-03-07 12:41 . 2009-03-07 12:41 244 --ah----- C:\sqmnoopt17.sqm 2009-03-07 12:41 . 2009-03-07 12:41 232 --ah----- C:\sqmdata17.sqm 2009-03-06 12:44 . 2009-03-06 12:44 244 --ah----- C:\sqmnoopt16.sqm 2009-03-06 12:44 . 2009-03-06 12:44 232 --ah----- C:\sqmdata16.sqm 2009-03-06 00:15 . 
2009-03-06 00:15 244 --ah----- C:\sqmnoopt15.sqm 2009-03-06 00:15 . 2009-03-06 00:15 232 --ah----- C:\sqmdata15.sqm 2009-02-24 17:09 . 2009-01-09 13:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat 2009-02-19 17:01 . 2009-02-19 17:01 268 --ah----- C:\sqmdata14.sqm 2009-02-19 17:01 . 2009-02-19 17:01 244 --ah----- C:\sqmnoopt14.sqm 2009-02-12 09:21 . 2009-02-12 09:21 268 --ah----- C:\sqmdata13.sqm 2009-02-12 09:21 . 2009-02-12 09:21 244 --ah----- C:\sqmnoopt13.sqm 2009-02-10 21:46 . 2009-02-10 21:46 244 --ah----- C:\sqmnoopt12.sqm 2009-02-10 21:46 . 2009-02-10 21:46 232 --ah----- C:\sqmdata12.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-03-09 22:18 --------- d-----w c:\program files\Lx_cats 2009-03-09 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-09 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-09 01:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-08 19:00 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-03-04 00:23 --------- d-----w c:\program files\World of Warcraft 2009-02-26 10:00 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-25 21:28 --------- d-----w c:\documents and settings\Owner\Application Data\U3 2009-02-23 19:04 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire 2009-02-23 18:54 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent 2009-02-11 16:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 16:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-11 10:08 --------- d-----w c:\program files\Google 2009-02-11 10:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-31 10:01 --------- d-----w c:\program files\MSXML 4.0 2009-01-31 06:44 --------- d-----w c:\program files\Java 2009-01-31 
06:36 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-31 06:18 --------- d-----w c:\program files\Lexmark Fax Solutions 2009-01-31 05:35 --------- d-----w c:\program files\Lexmark 2500 Series 2009-01-31 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr 2009-01-31 05:31 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint 2009-01-18 22:44 43,672 ----a-w c:\windows\system32\drivers\AFS2K.SYS 2009-01-18 22:44 --------- d-----w c:\program files\HP 2009-01-18 22:44 --------- d-----w c:\program files\Hewlett-Packard 2009-01-13 01:55 --------- d-----w c:\program files\Microsoft SQL Server 2009-01-13 01:54 --------- d-----w c:\program files\MSXML 6.0 2009-01-13 01:54 --------- d-----w c:\program files\Microsoft.NET 2009-01-13 01:50 --------- d-----w c:\program files\Microsoft Synchronization Services 2009-01-13 01:50 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-01-13 01:49 --------- d-----w c:\program files\Microsoft Visual Studio 9.0 2009-01-13 01:48 --------- d-----w c:\program files\Microsoft SDKs 2008-08-13 05:47 22,328 ----a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-05-17 68856] "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [2004-05-04 176128] "HPHUPD05"="c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152] "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-04 491520] "LXDDCATS"="c:\windows\System32\spool\DRIVERS\W32X 86\3\LXDDtime.dll" [2007-01-22 102400] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-31 00:36 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\topahola.dl l [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= 
ac3filter.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon] --a------ 2007-02-05 17:32 20480 c:\program files\Lexmark 2500 Series\lxddamon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe] --a------ 2007-02-12 17:58 291760 c:\program files\Lexmark 2500 Series\lxddmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-05-02 23:46 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 11:50 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Actiontec\\BroadBand\\gwconfig.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\WINDOWS\\system32\\lxddcoms.exe"= "c:\\Program 
Files\\Lexmark 2500 Series\\App4R.exe"= "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Software Update\\hpwuSchd2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6999:TCP"= 6999:TCP:blizz [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-06 325128] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264] R2 lxdd_device;lxdd_device;c:\windows\system32\lxddco ms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688] . Contents of the 'Scheduled Tasks' folder 2009-03-09 c:\windows\Tasks\ggogpupo.job - c:\windows\system32\awttrRhF.dll [] 2009-03-09 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-03-31 22:35] . - - - - ORPHANS REMOVED - - - - HKLM-Run-BtcMaestro - c:\program files\KMaestro\KMaestro.exe HKLM-Run-wusimeyuti - c:\windows\system32\nenanizo.dll MSConfigStartUp-FaxCenterServer - c:\program files\Lexmark Fax Solutions\fm3032.exe . ------- Supplementary Scan ------- . 
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w7f9tc1y.default\ FF - prefs.js: browser.search.selectedEngine - FireSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Download Manager\npfpdlm.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-09 16:18:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXDDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtim e.dll,_RunDLLEntry@16????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . ------------------------ Other Running Processes ------------------------ . c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxddcoms.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\program files\AVG\AVG8\avgrsx.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\ZuneBusEnum.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wscntfy.exe . ************************************************** ************************ . 
Completion time: 2009-03-09 16:23:02 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-09 22:23:00 Pre-Run: 42,242,281,472 bytes free Post-Run: 42,746,093,568 bytes free 209 --- E O F --- 2009-02-26 10:00:21 |