
Please help get rid of my Malware!



Ok, here is the MBAM log. The Panda scan is currently running, but I will post that and a HijackThis log as soon as it finishes. Please help me get rid of this malware. Thank you very much in advance for any help.

Malwarebytes' Anti-Malware 1.30

Database version: 1425

Windows 5.1.2600 Service Pack 2

12/21/2008 7:00:12 PM

mbam-log-2008-12-21 (19-00-12).txt

Scan type: Quick Scan

Objects scanned: 56534

Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 6

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

K:\WINDOWS\system32\dayatife.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc5c6568-616c-447d-bca1-4e79c5f14059} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dc5c6568-616c-447d-bca1-4e79c5f14059} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3344f5e2 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nunomebadi (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

K:\WINDOWS\system32\dayatife.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\efitayad.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\nuwuwufu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\ufuwuwun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\kofibeha.dll (Trojan.BHO.H) -> Delete on reboot.

k:\WINDOWS\system32\yiliyawu.dll (Trojan.Agent) -> Delete on reboot.


Ok, here is the Panda log:

;*******************************************************************************

ANALYSIS: 2008-12-22 07:35:44

PROTECTIONS: 0

MALWARE: 54

SUSPECTS: 9

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================
;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe

00122168 Application/Restart HackTools No 0 Yes No K:\WINDOWS\system32\Tools\Restart.exe

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@trafficmp[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Local Settings\Temp\Cookies\zahuindanda@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Local Settings\Temp\Cookies\zahuindanda@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@atdmt[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@247realmedia[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@tribalfusion[1].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@ccbill[2].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@www.myaffiliateprogram[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@com[2].txt

00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@landing.domainsponsor[2].txt

00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@tickle[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@www.burstbeacon[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@server.iad.liveperson[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@advertising[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@overture[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@questionmarket[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[6].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[9].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[7].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[10].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[5].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[11].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@go[3].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@searchportal.information[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@target[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@target[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@atwola[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@ads.addynamix[1].txt

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A7C721C

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36A22693

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7A0D661E.dll

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A9A7001

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1B6B64CD

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\73205576

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4C875734

00447834 Adware/Lop Adware No 0 Yes No C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7F26196C

00456116 Adware/Antivirus2009 Adware No 0 Yes No K:\Documents and Settings\Zahuindanda\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DMF5SV2\freescan[1].htm

00456116 Adware/Antivirus2009 Adware No 0 Yes No K:\Documents and Settings\Zahuindanda\Local Settings\Temporary Internet Files\Content.IE5\FCPWN7JD\freescan[1].htm

00466989 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\havowezi.dll

00466989 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\relohuna.dll

00466989 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\mezayuku.dll

00466989 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\yugaveye.dll

00466989 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\jowenobi.dll

00466989 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\fujivebo.dll

00477757 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\wolusiwu.dll

00477757 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\woyobopo.dll

00477798 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\zuwupima.dll

00477798 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\wirahahe.dll

00477798 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\vusilina.dll

00477814 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\sakudozu.dll

00477820 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\zigigeje.dll

00477820 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\wikegivi.dll

00477820 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\vineyibu.dll

00477861 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\payahasa.dll

00477866 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\nupasula.dll

00478052 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\verapogi.dll

00478064 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\mofohupu.dll

00478077 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\ludiyofu.dll

00478077 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\yeyikufa.dll

00478077 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\jurisesa.dll

00478148 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\vopidezu.dll

00478183 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\fugudipi.dll

00478183 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\fukiroki.dll

00478239 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\harowofa.dll

00478239 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\koyorero.dll

00478239 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\nubukege.dll

00478239 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\vevikome.dll

00478239 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\yitosere.dll

00478360 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\zotokenu.dll

00478360 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\damuwiwi.dll

00478360 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\memigeda.dll

00478395 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\widunebu.dll

00478427 Spyware/Virtumonde Spyware No 1 Yes No K:\WINDOWS\system32\wiwedino.dll

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1286\A0133783.exe[ViewBarBHO.dll]

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1297\A0134018.exe[ViewBarBHO.dll]

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1309\A0134497.exe[ViewBarBHO.dll]

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1276\A0132602.exe[ViewBarBHO.dll]

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1362\A0138084.exe[ViewBarBHO.dll]

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1324\A0136680.exe[ViewBarBHO.dll]

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1335\A0137149.exe[ViewBarBHO.dll]

00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{1411EB45-DEEF-49B6-A0AA-F85B814604DC}\RP1348\A0137388.exe[ViewBarBHO.dll]

00523358 Application/ViewPoint HackTools No 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll

01162707 HackTool/KillProcWin.A HackTools No 0 No No C:\Documents and Settings\Zahuindanda\Local Settings\Application Data\Wildtangent\Cdacache\00\00\18.dat[simple_killw.exe]

01196325 Cookie/Enhance TrackingCookie No 0 Yes No K:\Documents and Settings\Zahuindanda\Cookies\zahuindanda@enhance[1].txt

01260840 Trj/Downloader.PME Virus/Trojan No 1 Yes No C:\Documents and Settings\Zahuindanda\Local Settings\Application Data\Wildtangent\Cdacache\00\00\15.dat

03982751 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll

04199671 Trj/Downloader.MDW Virus/Trojan No 1 Yes No D:\Random Crap\fp2006-final-3[1].00-setup.exe

04207774 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe

;===============================================================================

SUSPECTS

Sent Location 4

;===============================================================================

No C:\Program Files\support.com\temp\ComcastToolbar.exe[


Here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:38:24 AM, on 12/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

K:\WINDOWS\System32\smss.exe

K:\WINDOWS\system32\winlogon.exe

K:\WINDOWS\system32\services.exe

K:\WINDOWS\system32\lsass.exe

K:\WINDOWS\system32\svchost.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\spoolsv.exe

K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

K:\Program Files\Bonjour\mDNSResponder.exe

K:\WINDOWS\System32\svchost.exe

K:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

K:\WINDOWS\system32\nvsvc32.exe

K:\WINDOWS\system32\HPZipm12.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\Explorer.EXE

K:\WINDOWS\system32\VTTimer.exe

K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

K:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

K:\Program Files\Java\jre6\bin\jusched.exe

D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe

K:\WINDOWS\system32\ctfmon.exe

K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

K:\Program Files\Windows Media Player\WMPNSCFG.exe

D:\Program Files\MagicTune Premium\GammaTray.exe

K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\SEC\Natural Color Pro\NCProTray.exe

K:\Program Files\iPod\bin\iPodService.exe

K:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

K:\WINDOWS\system32\rundll32.exe

K:\WINDOWS\system32\taskmgr.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - k:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {dc5c6568-616c-447d-bca1-4e79c5f14059} - K:\WINDOWS\system32\kofibeha.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - k:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [XboxStat] "K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [AppleSyncNotifier] K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nunomebadi] Rundll32.exe "K:\WINDOWS\system32\sonosoku.dll",s

O4 - HKLM\..\Run: [205dc13d] rundll32.exe "K:\WINDOWS\system32\hupekepo.dll",b

O4 - HKLM\..\Run: [CPM3344f5e2] Rundll32.exe "k:\windows\system32\kayufegi.dll",a

O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [AdobeUpdater] "K:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [WMPNSCFG] K:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [nunomebadi] Rundll32.exe "K:\WINDOWS\system32\sonosoku.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [nunomebadi] Rundll32.exe "K:\WINDOWS\system32\sonosoku.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174202081312

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup163.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: k:\windows\system32\hajigira.dll k:\windows\system32\fejufani.dll k:\windows\system32\wutiporu.dll K:\WINDOWS\system32\kayiduri.dll k:\windows\system32\yiliyawu.dll k:\windows\system32\kayufegi.dll

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - K:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - K:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - K:\Program Files\WinPcap\rpcapd.exe

--

End of file - 10275 bytes


Here is the new MBAM log:

Malwarebytes' Anti-Malware 1.31

Database version: 1531

Windows 5.1.2600 Service Pack 2

12/22/2008 7:52:49 AM

mbam-log-2008-12-22 (07-52-49).txt

Scan type: Quick Scan

Objects scanned: 58633

Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 6

Registry Values Infected: 3

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 58

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

K:\WINDOWS\system32\hupekepo.dll (Trojan.Vundo.H) -> Delete on reboot.

k:\WINDOWS\system32\kayufegi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc5c6568-616c-447d-bca1-4e79c5f14059} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dc5c6568-616c-447d-bca1-4e79c5f14059} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\205dc13d (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nunomebadi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3344f5e2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: k:\windows\system32\kayufegi.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kayufegi.dll -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

K:\WINDOWS\system32\hupekepo.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\opekepuh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

k:\WINDOWS\system32\kayufegi.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\punahudo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\fugudipi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\fukiroki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\gajopuba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\gekisoke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\lirudufu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\lodetulu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\jijosoju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\memigeda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\metuwone.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\nubukege.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\sokidehe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\soleheno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\widunebu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\wirahahe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\wiwedino.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\verapogi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\vevikome.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\woyobopo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\korofoke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\koyorero.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\kujamura.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\piwodife.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\tupumogu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\silovehe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\batiwonu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\bedokelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\vusilina.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\samisede.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\dalizipa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\damuwiwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\yilomuze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\yitosere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\yufikili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\zezosivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\zotokenu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\zuwupima.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\wodenoha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\wolusiwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\huyavamu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\namogizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\narudoku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\pawipepo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\dokejudo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\mafoyina.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\mibuwefe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\miheyono.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\mijelumu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\mizokomo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\levipona.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\nihosusi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\gufezaki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\harowofa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\hipofahi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\putabami.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Thanks. Please start MBAM and go to the UPDATE tab and update the program again and do a Quick Scan and fix anything found and reboot the computer.

After the reboot start HJT and do a Scan and save log.

Post back the most recent MBAM and HJT logs

OK, I did what you said, and here are the new MBAM log and the new HJT log.

Malwarebytes' Anti-Malware 1.31

Database version: 1533

Windows 5.1.2600 Service Pack 2

12/22/2008 4:47:53 PM

mbam-log-2008-12-22 (16-47-53).txt

Scan type: Quick Scan

Objects scanned: 62211

Time elapsed: 9 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

K:\WINDOWS\system32\gabujiha.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\tayudupi.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\wibovoko.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc5c6568-616c-447d-bca1-4e79c5f14059} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dc5c6568-616c-447d-bca1-4e79c5f14059} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dc5c6568-616c-447d-bca1-4e79c5f14059} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nunomebadi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: k:\windows\system32\gabujiha.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: k:\windows\system32\gabujiha.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gabujiha.dll -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

K:\WINDOWS\system32\wibovoko.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\tayudupi.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\gabujiha.dll (Trojan.Vundo.H) -> Delete on reboot.

K:\WINDOWS\system32\meyeyihi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

K:\WINDOWS\system32\viheheji.dll (Trojan.Vundo) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:50:43 PM, on 12/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

K:\WINDOWS\System32\smss.exe

K:\WINDOWS\system32\winlogon.exe

K:\WINDOWS\system32\services.exe

K:\WINDOWS\system32\lsass.exe

K:\WINDOWS\system32\svchost.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\spoolsv.exe

K:\WINDOWS\Explorer.EXE

K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

K:\Program Files\Bonjour\mDNSResponder.exe

K:\WINDOWS\System32\svchost.exe

K:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

K:\WINDOWS\system32\nvsvc32.exe

K:\WINDOWS\system32\HPZipm12.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\wscntfy.exe

K:\WINDOWS\system32\VTTimer.exe

K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

K:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

K:\Program Files\Java\jre6\bin\jusched.exe

D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe

D:\Program Files\Adobe\Reader\Reader_sl.exe

K:\WINDOWS\system32\ctfmon.exe

K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

K:\Program Files\Windows Media Player\WMPNSCFG.exe

D:\Program Files\MagicTune Premium\GammaTray.exe

K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\SEC\Natural Color Pro\NCProTray.exe

K:\Program Files\iPod\bin\iPodService.exe

K:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\MagicTune Premium\MagicTune.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - k:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - k:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [XboxStat] "K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [AppleSyncNotifier] K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [AdobeUpdater] "K:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [WMPNSCFG] K:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174202081312

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup163.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: k:\windows\system32\hajigira.dll k:\windows\system32\fejufani.dll k:\windows\system32\wutiporu.dll k:\windows\system32\yiliyawu.dll

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - K:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - K:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - K:\Program Files\WinPcap\rpcapd.exe

--

End of file - 9685 bytes


  • Root Admin

Please close all open applications and browsers including the one you're viewing this post with.

Reconfigure Windows XP to show hidden files:

To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.

* Double-click on the My Computer icon.

* Select the Tools menu and click Folder Options.

* After the new window appears select the View tab.

* Put a checkmark in the checkbox labeled Display the contents of system folders.

* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

* Remove the checkmark from the checkbox labeled Hide protected operating system files.

* Press the Apply button and then the OK button and exit My Computer.

* Now your computer is configured to show all hidden files.

Start HJT and do a Scan only and place a check mark on the following entries:

O20 - AppInit_DLLs: k:\windows\system32\hajigira.dll k:\windows\system32\fejufani.dll k:\windows\system32\wutiporu.dll k:\windows\system32\yiliyawu.dll

Then click on "Fix checked".

Upload the following files to the site for review. Go here: uploads.malwarebytes.org, then browse and upload the following files if found.

k:\windows\system32\hajigira.dll

k:\windows\system32\fejufani.dll

k:\windows\system32\wutiporu.dll

k:\windows\system32\yiliyawu.dll

Start MBAM and do another update check and then another Quick Scan and fix anything found and reboot your computer.

After the reboot run another HJT and save the log and post back the most recent MBAM and HJT logs.
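A note on why the two log lines the Root Admin keyed on matter, followed by an added example. The O20 line is the `AppInit_DLLs` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows`; on Windows XP every DLL listed there is loaded into every process that loads user32.dll, so a Vundo DLL placed there runs inside the browser, Explorer and nearly everything else, and the MBAM "Registry Data Items" entries show the same family also registered itself under `HKLM\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages`, which lsass.exe loads at boot. A DLL that is mapped into lsass.exe or Explorer cannot be unlinked while those processes run, which is why MBAM reports those files as "Delete on reboot" rather than "Quarantined and deleted successfully". The script below is an added example, not code from the thread, from HijackThis or from Malwarebytes: it parses the posted HJT and MBAM lines (copied above as constructed sample input, with two benign HJT lines added for contrast), pulls out the AppInit_DLLs paths and the Notification Packages DLLs, and flags DLL names that fit the eight-letter consonant/vowel pattern every Vundo file in this thread happens to follow. That naming heuristic is an assumption drawn from the names visible on this page (hajigira, fejufani, gabujiha, and so on), not a published signature, so treat a hit as "review this file", which is exactly what the upload request in the post above does.

```python
"""Triage of the HijackThis and MBAM log lines posted in this thread.

Added example for this page; it is not HijackThis, MBAM or forum code.
ASSUMPTION: the CVCVCVCV naming heuristic is inferred from the DLL names
visible in the logs above (hajigira, fejufani, gabujiha, ...), not from a
published Vundo signature, so a hit means "review", not "malicious".
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the HJT log posted above, plus two
# benign lines (Adobe BHO, nwiz Run entry) so the filter has something to pass.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: k:\windows\system32\hajigira.dll k:\windows\system32\fejufani.dll k:\windows\system32\wutiporu.dll k:\windows\system32\yiliyawu.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"""

# Constructed sample: two "Registry Data Items Infected" lines from the
# 12/22/2008 4:47 PM MBAM log posted above.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: k:\windows\system32\gabujiha.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: k:\windows\system32\gabujiha.dll -> Quarantined and deleted successfully.
"""

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
MBAM_DATA = re.compile(r"^(?P<key>HKEY_.+?) \((?P<det>[^)]+)\) -> Data: (?P<data>.+?) -> ")
WIN_DLL_PATH = re.compile(r"[A-Za-z]:\\.+?\.dll", re.IGNORECASE)
# Eight lowercase letters strictly alternating consonant/vowel (assumed heuristic).
VUNDO_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_like_vundo_name(path: str) -> bool:
    """True for names such as hajigira.dll; False for AcroIEHelper.dll or SASWINLO.DLL."""
    stem, _, ext = basename(path).lower().rpartition(".")
    return ext == "dll" and VUNDO_NAME.match(stem) is not None


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """(section, body) pairs for every 'Rn - ...' / 'On - ...' line in an HJT log."""
    pairs: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            pairs.append((m.group("section"), m.group("body")))
    return pairs


def appinit_dlls(entries: List[Tuple[str, str]]) -> List[str]:
    """Paths listed on the O20 AppInit_DLLs line.

    HJT prints the raw REG_SZ value, which Windows splits on spaces and commas,
    so a path containing a space cannot be recovered from this line. Every path
    in this thread sits under system32 and contains none.
    """
    paths: List[str] = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body[len("AppInit_DLLs:"):]
            paths.extend(p for p in re.split(r"[ ,]+", value) if p)
    return paths


def mbam_data_items(text: str) -> List[Tuple[str, str]]:
    """(registry key, data) for each MBAM 'Registry Data Items Infected' line."""
    matches = (MBAM_DATA.match(ln.strip()) for ln in text.splitlines())
    return [(m.group("key"), m.group("data")) for m in matches if m]


def triage(hjt_text: str, mbam_text: str) -> Dict[str, List[str]]:
    entries = parse_hjt(hjt_text)
    report: Dict[str, List[str]] = {
        # Anything here is loaded into every process that maps user32.dll.
        "appinit": appinit_dlls(entries),
        # Random-looking DLL names anywhere in the HJT log.
        "vundo_named": [],
        # DLLs under LSA\Notification Packages: lsass.exe loads them at boot,
        # which is why MBAM can only schedule them for deletion on reboot.
        "lsass_loaded": [],
    }
    for _, body in entries:
        for m in WIN_DLL_PATH.finditer(body):
            if looks_like_vundo_name(m.group(0)):
                report["vundo_named"].append(m.group(0))
    for key, data in mbam_data_items(mbam_text):
        if key.endswith("Notification Packages"):
            report["lsass_loaded"].append(data)
    return report


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_HJT, SAMPLE_MBAM).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

Run against the posted lines it lists the four AppInit_DLLs paths, flags all four plus nothing else as Vundo-named, and reports gabujiha.dll as the lsass-loaded package. Comparing successive logs in this thread the same way shows a fresh set of eight-letter names after every cleaning pass, which is the behaviour the upload request is meant to capture before the files disappear again.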


OK, did that. Here are the MBAM and HJT logs.

Malwarebytes' Anti-Malware 1.31

Database version: 1534

Windows 5.1.2600 Service Pack 2

12/22/2008 6:47:47 PM

mbam-log-2008-12-22 (18-47-47).txt

Scan type: Quick Scan

Objects scanned: 62699

Time elapsed: 8 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:52:23 PM, on 12/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

K:\WINDOWS\System32\smss.exe

K:\WINDOWS\system32\winlogon.exe

K:\WINDOWS\system32\services.exe

K:\WINDOWS\system32\lsass.exe

K:\WINDOWS\system32\svchost.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\spoolsv.exe

K:\WINDOWS\Explorer.EXE

K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

K:\Program Files\Bonjour\mDNSResponder.exe

K:\WINDOWS\System32\svchost.exe

K:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

K:\WINDOWS\system32\nvsvc32.exe

K:\WINDOWS\system32\HPZipm12.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\VTTimer.exe

K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

K:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

K:\Program Files\Java\jre6\bin\jusched.exe

D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe

D:\Program Files\Adobe\Reader\Reader_sl.exe

K:\WINDOWS\system32\ctfmon.exe

K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

K:\Program Files\Windows Media Player\WMPNSCFG.exe

K:\WINDOWS\system32\wscntfy.exe

D:\Program Files\MagicTune Premium\GammaTray.exe

K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\SEC\Natural Color Pro\NCProTray.exe

K:\Program Files\iPod\bin\iPodService.exe

K:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - k:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - k:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [XboxStat] "K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [AppleSyncNotifier] K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [AdobeUpdater] "K:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [WMPNSCFG] K:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174202081312

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup163.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - K:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - K:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - K:\Program Files\WinPcap\rpcapd.exe

--

End of file - 9480 bytes


  • Root Admin

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program, OTListIt2.exe, to your desktop.
  • Close all applications and windows so that you have nothing open and are at your Desktop

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (leave 'Use Whitelist' checked and the 'File Age:' at 30 days)

  • Click the Run Scan button

  • NOTE:
    Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

  • In Notepad, click Edit, Select all, then Edit, Copy

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log, or right-click and Paste.

  • Submit your reply and close the Notepad window with OTList.txt

  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window

  • In Notepad, click Edit, Select all, then Edit, Copy

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log, or right-click and Paste.

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in Notepad from your desktop.


Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.


OTListIt logfile created on: 12/23/2008 3:52:34 PM - Run 2

OTListIt2 by OldTimer - Version 1.0.1.0 Folder = K:\Documents and Settings\Zahuindanda\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.29 Mb Total Physical Memory | 241.54 Mb Available Physical Memory | 47.24% Memory free

2.15 Gb Paging File | 1.90 Gb Available in Paging File | 88.29% Paging File free

Paging file location(s): D:\pagefile.sys 1000 3000;K:\pagefile.sys 720 1440;

%SystemDrive% = K: | %SystemRoot% = K:\WINDOWS | %ProgramFiles% = K:\Program Files

Drive C: | 108.07 Gb Total Space | 57.97 Gb Free Space | 53.64% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 164.27 Gb Free Space | 70.54% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 6.41 Gb Total Space | 0.64 Gb Free Space | 9.93% Space Free | Partition Type: NTFS

Computer Name: SHADOW

Current User Name: Zahuindanda

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- K:\Program Files\Bonjour\mDNSResponder.exe

[2008/12/11 20:50:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- K:\Program Files\Java\jre6\bin\jqs.exe

[2007/08/23 14:05:18 | 00,045,056 | ---- | M] () -- D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

[2007/04/19 12:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- K:\WINDOWS\system32\nvsvc32.exe

[2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- K:\WINDOWS\system32\HPZipm12.exe

[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Windows Media Player\wmpnetwk.exe

[2005/03/07 11:33:28 | 00,053,248 | R--- | M] (S3 Graphics, Inc.) -- K:\WINDOWS\system32\VTTimer.exe

[2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- K:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[2004/08/03 23:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\system32\rundll32.exe

[2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[2007/09/26 17:05:58 | 00,734,264 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[2008/12/11 20:50:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- K:\Program Files\Java\jre6\bin\jusched.exe

[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe

[2007/06/13 10:51:46 | 00,068,856 | ---- | M] (Google Inc.) -- K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Windows Media Player\wmpnscfg.exe

[2004/08/03 23:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\system32\wscntfy.exe

[2007/01/15 15:18:00 | 00,036,864 | ---- | M] () -- D:\Program Files\MagicTune Premium\GammaTray.exe

[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[2006/04/10 13:24:20 | 00,049,220 | ---- | M] (Samsung) -- D:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- K:\Program Files\iPod\bin\iPodService.exe

[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

[2008/12/23 07:55:05 | 00,419,328 | ---- | M] (OldTimer Tools) -- K:\Documents and Settings\Zahuindanda\Desktop\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- K:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007/04/10 21:14:40 | 00,138,168 | ---- | M] (Google) -- K:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- K:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2008/12/11 20:50:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- K:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2007/08/23 14:05:18 | 00,045,056 | ---- | M] () -- D:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine [Auto | Running])

[2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007/04/19 12:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- K:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- K:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])

[2005/08/02 13:18:50 | 00,086,016 | ---- | M] (CACE Technologies) -- K:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

[2005/06/20 06:08:44 | 02,324,480 | R--- | M] (Realtek Semiconductor Corp.) -- K:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2002/11/28 06:18:04 | 00,015,360 | ---- | M] (Elaborate Bytes AG) -- K:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])

[2002/11/29 03:38:16 | 00,016,320 | ---- | M] (Elaborate Bytes AG) -- K:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])

[2002/11/28 02:43:49 | 00,022,016 | ---- | M] (Elaborate Bytes AG) -- K:\WINDOWS\system32\drivers\ElbyVCD.sys -- (ElbyVCD [boot | Running])

[2005/03/18 00:39:04 | 00,042,496 | R--- | M] (VIA Technologies, Inc. ) -- K:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])

[2001/08/17 12:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- K:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- K:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2006/01/31 16:48:56 | 00,049,664 | R--- | M] (HP) -- K:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])

[2006/01/31 16:48:57 | 00,016,496 | R--- | M] (HP) -- K:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

[2006/01/31 16:48:53 | 00,021,568 | ---- | M] (HP) -- K:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])

[2005/10/21 06:25:32 | 00,013,396 | ---- | M] () -- K:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune [On_Demand | Stopped])

[2005/10/21 06:25:32 | 00,013,396 | ---- | M] () -- K:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro [system | Running])

[2004/08/03 21:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])

[2005/08/02 13:10:14 | 00,032,512 | ---- | M] (CACE Technologies) -- K:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2001/12/03 11:55:12 | 00,026,560 | ---- | M] (Zoran Ltd.) -- K:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2 [On_Demand | Stopped])

[2001/12/03 11:55:14 | 00,155,264 | ---- | M] (Zoran Ltd.) -- K:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision [On_Demand | Stopped])

[2007/04/19 12:26:00 | 03,988,384 | ---- | M] (NVIDIA Corporation) -- K:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- K:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2002/09/03 11:52:41 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- K:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/03/26 23:55:31 | 00,036,624 | ---- | M] (Sonic Solutions) -- K:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2004/08/03 21:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- K:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])

[2008/08/19 23:34:20 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running])

[2008/08/19 23:34:22 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])

[2008/08/19 23:34:20 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])

[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- K:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2003/07/01 12:42:00 | 00,027,904 | R--- | M] (VIA Technologies, Inc.) -- K:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2005/12/26 19:06:22 | 00,247,040 | R--- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- K:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Stopped])

[2006/04/19 23:44:38 | 00,479,200 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

[2007/02/26 17:15:22 | 00,061,984 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = K:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-436374069-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = K:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-436374069-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-436374069-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKU\S-1-5-21-436374069-1326574676-839522115-1003\S-1-5-21-436374069-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-436374069-1326574676-839522115-1003\S-1-5-21-436374069-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (288517 bytes) - K:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 9942 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - k:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - k:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - k:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKU\S-1-5-21-436374069-1326574676-839522115-1003\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - k:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL (Elaborate Bytes AG)

O4 - HKLM..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

O4 - HKLM..\Run: [HP Software Update] K:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] "D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe" (Apple Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()

O4 - HKLM..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)

O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe (S3 Graphics Co., Ltd.)

O4 - HKLM..\Run: [XboxStat] "K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun (Microsoft Corporation)

O4 - HKCU..\Run: [AdobeUpdater] "K:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (Adobe Systems Incorporated)

O4 - HKCU..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] K:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\S-1-5-21-436374069-1326574676-839522115-1003..\Run: [AdobeUpdater] "K:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-436374069-1326574676-839522115-1003..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-436374069-1326574676-839522115-1003..\Run: [swg] K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-436374069-1326574676-839522115-1003..\Run: [WMPNSCFG] K:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - Startup: K:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk = D:\Program Files\MagicTune Premium\GammaTray.exe ()

O4 - Startup: K:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: K:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = D:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-436374069-1326574676-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 50 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: turbotax.com (https in Trusted sites)

O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-436374069-1326574676-839522115-1003\..Trusted Sites: turbotax.com (https in Trusted sites)

O15 - HKU\S-1-5-21-436374069-1326574676-839522115-1003\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab (Support.com Configuration Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1174202081312 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup163.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: DirectAnimation Java Classes file://K:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: Microsoft XML Parser for Java file://K:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)

O18 - Protocol\Handler: - grooveLocalGWS - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - K:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - K:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - K:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-help - K:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - K:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2003/04/23 18:01:37 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[23 K:\WINDOWS\System32\*.tmp files]

[2008/12/23 07:56:39 | 00,013,200 | ---- | C] () -- K:\Documents and Settings\Zahuindanda\Desktop\deleting spyware 3.docx

[2008/12/23 07:55:05 | 00,419,328 | ---- | C] (OldTimer Tools) -- K:\Documents and Settings\Zahuindanda\Desktop\OTListIt2.exe

[2008/12/22 18:30:27 | 00,011,339 | ---- | C] () -- K:\Documents and Settings\Zahuindanda\Desktop\deleting spyware 2.docx

[2008/12/21 19:09:37 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- K:\WINDOWS\System32\drivers\pavboot.sys

[2008/12/21 19:09:28 | 00,000,000 | ---D | C] -- K:\Program Files\Panda Security

[2008/12/21 19:02:53 | 00,013,002 | ---- | C] () -- K:\Documents and Settings\Zahuindanda\Desktop\deleting spyware.docx

[2008/12/10 20:46:43 | 00,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\HP Product Assistant

[2008/12/08 07:37:03 | 00,000,014 | ---- | C] () -- K:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt

[2008/12/08 07:36:10 | 00,000,000 | ---D | C] -- K:\Program Files\Adobe

[2008/12/01 17:32:28 | 00,002,223 | ---- | C] () -- K:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2008/12/01 17:32:14 | 00,000,000 | ---D | C] -- K:\Program Files\iPod

[2008/12/01 17:31:54 | 00,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008/11/27 11:56:46 | 00,000,817 | ---- | C] () -- K:\Documents and Settings\Zahuindanda\Desktop\HijackThis.lnk

[2008/11/26 22:54:04 | 00,000,000 | ---D | C] -- K:\WINDOWS\System32\NtmsData

[2008/11/26 16:28:24 | 00,000,707 | ---- | C] () -- K:\WINDOWS\wininit.ini

[2008/11/26 08:00:25 | 00,000,802 | ---- | C] () -- K:\Documents and Settings\Zahuindanda\Desktop\Spybot - Search & Destroy.lnk

[2008/11/26 08:00:18 | 00,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2008/11/25 07:47:12 | 00,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2008/11/25 07:47:08 | 00,000,651 | ---- | C] () -- K:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2008/11/25 07:47:06 | 00,000,000 | ---D | C] -- K:\Documents and Settings\Zahuindanda\Application Data\SUPERAntiSpyware.com

[2008/11/25 07:46:28 | 00,000,000 | ---D | C] -- K:\Program Files\Common Files\Wise Installation Wizard

[2008/11/24 23:41:35 | 00,000,000 | ---D | C] -- K:\Documents and Settings\Zahuindanda\Application Data\Malwarebytes

[2008/11/24 23:41:29 | 00,000,571 | ---- | C] () -- K:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/24 23:41:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbam.sys

[2008/11/24 23:41:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/24 23:41:24 | 00,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/11/24 18:09:12 | 00,000,618 | ---- | C] () -- K:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk

========== Files - Modified Within 30 Days ==========

[23 K:\WINDOWS\System32\*.tmp files]

[2008/12/23 07:56:40 | 00,013,200 | ---- | M] () -- K:\Documents and Settings\Zahuindanda\Desktop\deleting spyware 3.docx

[2008/12/23 07:55:05 | 00,419,328 | ---- | M] (OldTimer Tools) -- K:\Documents and Settings\Zahuindanda\Desktop\OTListIt2.exe

[2008/12/22 18:51:16 | 00,013,754 | ---- | M] () -- K:\WINDOWS\System32\wpa.dbl

[2008/12/22 18:51:06 | 00,088,637 | ---- | M] () -- K:\WINDOWS\System32\nvapps.xml

[2008/12/22 18:50:51 | 00,000,006 | -H-- | M] () -- K:\WINDOWS\tasks\SA.DAT

[2008/12/22 18:50:50 | 00,002,048 | --S- | M] () -- K:\WINDOWS\bootstat.dat

[2008/12/22 18:49:38 | 04,810,464 | -H-- | M] () -- K:\Documents and Settings\Zahuindanda\Local Settings\Application Data\IconCache.db

[2008/12/22 18:30:27 | 00,011,339 | ---- | M] () -- K:\Documents and Settings\Zahuindanda\Desktop\deleting spyware 2.docx

[2008/12/22 16:48:17 | 00,006,456 | -H-- | M] () -- K:\WINDOWS\System32\fahadure

[2008/12/21 19:02:53 | 00,013,002 | ---- | M] () -- K:\Documents and Settings\Zahuindanda\Desktop\deleting spyware.docx

[2008/12/21 18:49:49 | 00,288,517 | R--- | M] () -- K:\WINDOWS\System32\drivers\etc\hosts

[2008/12/21 17:52:09 | 00,000,707 | ---- | M] () -- K:\WINDOWS\wininit.ini

[2008/12/20 17:35:02 | 00,000,284 | ---- | M] () -- K:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008/12/18 04:26:40 | 00,102,002 | -HS- | M] (ABBYY (BIT Software)) -- K:\WINDOWS\System32\vumehijo.dll

[2008/12/17 16:26:29 | 00,102,020 | -HS- | M] (ABBYY (BIT Software)) -- K:\WINDOWS\System32\hefeduzo.dll

[2008/12/16 16:26:13 | 00,066,726 | -HS- | M] () -- K:\WINDOWS\System32\wozigiyu.dll

[2008/12/16 04:26:08 | 00,095,935 | -HS- | M] () -- K:\WINDOWS\System32\netozaka.dll

[2008/12/15 16:26:01 | 00,097,444 | -HS- | M] () -- K:\WINDOWS\System32\wiwopota.dll

[2008/12/15 15:25:49 | 00,095,874 | -HS- | M] () -- K:\WINDOWS\System32\jukazena.dll

[2008/12/15 15:25:48 | 00,067,296 | -HS- | M] (ABBYY (BIT Software)) -- K:\WINDOWS\System32\veharuno.dll

[2008/12/15 03:25:42 | 00,092,861 | -HS- | M] (ESET) -- K:\WINDOWS\System32\hawuzado.dll

[2008/12/14 15:25:34 | 00,091,754 | -HS- | M] (ESET) -- K:\WINDOWS\System32\zetayeja.dll

[2008/12/14 09:44:18 | 00,001,146 | -H-- | M] () -- K:\Documents and Settings\Zahuindanda\My Documents\Default.rdp

[2008/12/14 03:25:27 | 00,091,740 | -HS- | M] (ESET) -- K:\WINDOWS\System32\sokepami.dll

[2008/12/13 15:25:22 | 00,090,920 | -HS- | M] (ESET) -- K:\WINDOWS\System32\tazetayi.dll

[2008/12/13 03:25:16 | 00,091,775 | -HS- | M] (ESET) -- K:\WINDOWS\System32\babitote.dll

[2008/12/12 15:25:10 | 00,090,892 | -HS- | M] (ESET) -- K:\WINDOWS\System32\gamuduhe.dll

[2008/12/12 03:25:04 | 00,090,755 | -HS- | M] (ESET) -- K:\WINDOWS\System32\paloyihi.dll

[2008/12/11 15:24:47 | 00,092,755 | -HS- | M] (ESET) -- K:\WINDOWS\System32\zojunazi.dll

[2008/12/11 03:24:41 | 00,091,857 | -HS- | M] (ESET) -- K:\WINDOWS\System32\lepopami.dll

[2008/12/10 15:24:27 | 00,090,811 | -HS- | M] (ESET) -- K:\WINDOWS\System32\nulagebo.dll

[2008/12/10 15:24:27 | 00,061,561 | -HS- | M] (ESET) -- K:\WINDOWS\System32\mujowotu.dll

[2008/12/10 03:24:20 | 00,093,862 | -HS- | M] (ESET) -- K:\WINDOWS\System32\payahasa.dll

[2008/12/09 15:24:13 | 00,093,460 | -HS- | M] (ESET) -- K:\WINDOWS\System32\vopidezu.dll

[2008/12/08 15:23:41 | 00,063,143 | -HS- | M] (ESET) -- K:\WINDOWS\System32\buveyifo.dll

[2008/12/08 15:23:40 | 00,093,879 | -HS- | M] (ESET) -- K:\WINDOWS\System32\delagowu.dll

[2008/12/08 07:37:03 | 00,000,014 | ---- | M] () -- K:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt

[2008/12/08 03:23:33 | 00,093,938 | -HS- | M] () -- K:\WINDOWS\System32\ralofiyi.dll

[2008/12/07 15:23:27 | 00,093,870 | -HS- | M] () -- K:\WINDOWS\System32\sakudozu.dll

[2008/12/07 03:23:22 | 00,095,019 | -HS- | M] () -- K:\WINDOWS\System32\topolobu.dll

[2008/12/06 15:23:04 | 00,065,205 | -HS- | M] () -- K:\WINDOWS\System32\hajakari.dll

[2008/12/06 15:23:02 | 00,092,856 | -HS- | M] (Microsoft Corporation) -- K:\WINDOWS\System32\mofohupu.dll

[2008/12/04 17:30:59 | 00,002,223 | ---- | M] () -- K:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2008/12/04 09:36:53 | 00,095,343 | -HS- | M] () -- K:\WINDOWS\System32\jewodipi.dll

[2008/12/04 08:36:43 | 00,066,101 | -HS- | M] () -- K:\WINDOWS\System32\habamuwo.dll

[2008/12/03 20:36:37 | 00,094,773 | -HS- | M] () -- K:\WINDOWS\System32\zigigeje.dll

[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbam.sys

[2008/12/03 19:36:27 | 00,064,053 | -HS- | M] () -- K:\WINDOWS\System32\ribatini.dll

[2008/12/03 07:36:21 | 00,094,773 | -HS- | M] () -- K:\WINDOWS\System32\wikegivi.dll

[2008/12/02 19:36:14 | 00,093,237 | -HS- | M] () -- K:\WINDOWS\System32\yeyikufa.dll

[2008/12/02 07:36:09 | 00,093,237 | -HS- | M] () -- K:\WINDOWS\System32\jurisesa.dll

[2008/12/01 19:35:53 | 00,093,236 | -HS- | M] () -- K:\WINDOWS\System32\ludiyofu.dll

[2008/12/01 07:35:48 | 00,097,332 | -HS- | M] () -- K:\WINDOWS\System32\nupasula.dll

[2008/11/30 19:35:42 | 00,095,284 | -HS- | M] () -- K:\WINDOWS\System32\mezayuku.dll

[2008/11/30 07:35:35 | 00,095,284 | -HS- | M] () -- K:\WINDOWS\System32\fujivebo.dll

[2008/11/29 19:35:29 | 00,095,284 | -HS- | M] () -- K:\WINDOWS\System32\jowenobi.dll

[2008/11/29 07:35:21 | 00,095,284 | -HS- | M] () -- K:\WINDOWS\System32\havowezi.dll

[2008/11/28 19:35:15 | 00,095,284 | -HS- | M] () -- K:\WINDOWS\System32\yugaveye.dll

[2008/11/28 07:35:08 | 00,095,284 | -HS- | M] () -- K:\WINDOWS\System32\relohuna.dll

[2008/11/27 11:56:46 | 00,000,817 | ---- | M] () -- K:\Documents and Settings\Zahuindanda\Desktop\HijackThis.lnk

[2008/11/26 08:00:25 | 00,000,802 | ---- | M] () -- K:\Documents and Settings\Zahuindanda\Desktop\Spybot - Search & Destroy.lnk

[2008/11/25 07:47:08 | 00,000,651 | ---- | M] () -- K:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2008/11/24 23:41:29 | 00,000,571 | ---- | M] () -- K:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/24 18:09:12 | 00,000,618 | ---- | M] () -- K:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2

< End of report >


OTListIt Extras logfile created on: 12/23/2008 3:52:34 PM - Run 2

OTListIt2 by OldTimer - Version 1.0.1.0 Folder = K:\Documents and Settings\Zahuindanda\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.29 Mb Total Physical Memory | 241.54 Mb Available Physical Memory | 47.24% Memory free

2.15 Gb Paging File | 1.90 Gb Available in Paging File | 88.29% Paging File free

Paging file location(s): D:\pagefile.sys 1000 3000;K:\pagefile.sys 720 1440;

%SystemDrive% = K: | %SystemRoot% = K:\WINDOWS | %ProgramFiles% = K:\Program Files

Drive C: | 108.07 Gb Total Space | 57.97 Gb Free Space | 53.64% Space Free | Partition Type: NTFS

Drive D: | 232.88 Gb Total Space | 164.27 Gb Free Space | 70.54% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 6.41 Gb Total Space | 0.64 Gb Free Space | 9.93% Space Free | Partition Type: NTFS

Computer Name: SHADOW

Current User Name: Zahuindanda

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- K:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

File not found -- K:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

[2006/03/09 04:11:22 | 00,231,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

[2006/03/09 01:28:06 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

[2006/03/09 03:41:32 | 00,087,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe

[2006/02/17 00:19:34 | 00,192,512 | ---- | M] () -- K:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

[2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- K:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

[2006/03/09 04:04:24 | 00,181,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe

[2006/02/15 10:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- K:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe

[2006/03/09 01:38:02 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

[2006/02/09 16:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- K:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe

[2006/02/09 16:41:28 | 00,573,440 | ---- | M] ( ) -- K:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe

[2006/03/09 03:40:10 | 00,063,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe

[2006/02/19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- K:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe

[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- D:\Program Files\XBC\neXBC.exe:*:Enabled:XBConnect

[2005/11/10 10:27:06 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jdk1.5.0_06\jre\bin\java.exe:*:Enabled:Java 2 Platform Standard Edition binary

[2008/08/22 21:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

[2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- K:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

File not found -- K:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

File not found -- K:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2006/10/25 08:34:28 | 00,849,920 | ---- | M] (Abacast, Inc.) -- K:\Program Files\Abacast\Abaclient.exe:*:Enabled:Abaclient

File not found -- D:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo

File not found -- D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax

File not found -- D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager

[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2006/10/27 14:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- K:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

File not found -- D:\Program Files\Spyware Doctor\sdhelp.exe:*:Enabled:sdhelp

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService

[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunes.exe:*:Enabled:iTunes

[2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- K:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12

[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- K:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService

[2007/01/15 15:18:00 | 00,036,864 | ---- | M] () -- D:\Program Files\MagicTune Premium\GammaTray.exe:*:Enabled:GammaTray

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32A3A4F4-B792-11D6-A78A-00B0D0150060}" = J2SE Development Kit 5.0 Update 6

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{6283826F-59A2-11D9-BB04-000AE6BE6EE7}" = On-line Help Console

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help

"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader

"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro

"Abacast Client" = Abacast Client

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AutoHotkey" = AutoHotkey 1.0.47.05

"CloneCD" = CloneCD

"CutePDF Writer Installation" = CutePDF Writer 2.7

"ENTERPRISER" = Microsoft Office Enterprise 2007

"Finale NotePad 2007" = Finale NotePad 2007

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Picasa2" = Picasa 2

"Spyware Doctor_is1" = Spyware Doctor 2.1

"SystemRequirementsLab" = System Requirements Lab

"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter

"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 2

"WinPcapInst" = WinPcap 3.1

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-436374069-1326574676-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/14/2008 1:56:22 AM | Computer Name = SHADOW | Source = Application Hang | ID = 1002

Description = Hanging application WINWORD.EXE, version 12.0.6308.5000, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/14/2008 1:56:38 AM | Computer Name = SHADOW | Source = Application Hang | ID = 1001

Description = Fault bucket 734307661.

Error - 6/25/2008 11:06:59 AM | Computer Name = SHADOW | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2008 11:07:01 AM | Computer Name = SHADOW | Source = Application Hang | ID = 1001

Description = Fault bucket 767637487.

Error - 6/30/2008 8:52:56 PM | Computer Name = SHADOW | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting

module user32.dll, version 5.1.2600.3099, fault address 0x00019a3e.

Error - 6/30/2008 8:53:03 PM | Computer Name = SHADOW | Source = Application Error | ID = 1001

Description = Fault bucket 796309597.

Error - 7/8/2008 11:14:38 AM | Computer Name = SHADOW | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/8/2008 11:14:42 AM | Computer Name = SHADOW | Source = Application Hang | ID = 1001

Description = Fault bucket 767637487.

Error - 7/12/2008 12:03:15 AM | Computer Name = SHADOW | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting

module ntdll.dll, version 5.1.2600.2180, fault address 0x00031c6b.

Error - 7/21/2008 8:15:34 PM | Computer Name = SHADOW | Source = MsiInstaller | ID = 11605

Description = Product: Apple Mobile Device Support -- Disk full: There is not enough

disk space on the volume 'K:' to continue the install with recovery enabled. 50,572

KB are required, but only 34,380 KB are available. Click Ignore to continue the

install without saving recovery information, click Retry to check for available

space again, or click Cancel to quit the installation.

[ System Events ]

Error - 12/11/2008 11:47:52 PM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 12/17/2008 1:30:44 PM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 12/17/2008 10:17:23 PM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 12/19/2008 11:36:01 AM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 12/21/2008 11:02:59 PM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 12/22/2008 11:56:50 AM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 12/22/2008 12:56:39 PM | Computer Name = SHADOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/22/2008 8:48:07 PM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

Error - 12/22/2008 10:49:38 PM | Computer Name = SHADOW | Source = Service Control Manager | ID = 7034

Description = The MagicTuneEngine service terminated unexpectedly. It has done

this 1 time(s).

< End of report >


  • Root Admin

Please note the Holidays are approaching and I may be unavailable for a couple days.

Please be patient, I've not forgotten you and will resume assistance when I return

I will try to read your logs and provide feedback tonight if I can, but I can not promise I'll have time.


  • Root Admin

Open notepad and copy and paste in the following:

@ECHO OFF

MD "%USERPROFILE%"\desktop\malware

xcopy K:\WINDOWS\System32\vumehijo.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\hefeduzo.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\wozigiyu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\netozaka.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\wiwopota.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\jukazena.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\veharuno.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\hawuzado.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\zetayeja.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\sokepami.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\tazetayi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\babitote.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\gamuduhe.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\paloyihi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\zojunazi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\lepopami.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\nulagebo.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\mujowotu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\payahasa.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\vopidezu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\buveyifo.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\delagowu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\ralofiyi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\sakudozu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\topolobu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\hajakari.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\mofohupu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\jewodipi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\habamuwo.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\zigigeje.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\ribatini.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\wikegivi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\yeyikufa.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\jurisesa.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\ludiyofu.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\nupasula.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\mezayuku.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\fujivebo.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\jowenobi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\havowezi.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\yugaveye.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy K:\WINDOWS\System32\relohuna.dll "%USERPROFILE%"\desktop\malware /c /q /r /h /y

Attrib -r -a -s -h "%USERPROFILE%"\desktop\malware\*.*

Save it as "getmalware.bat" (keep the quote marks) to the desktop and double-click on it to run it. It will create a folder called malware on your desktop. Please zip up this folder and attach that zipped file here in a new topic with a link to this thread. I will get back to you once they have been analyzed or when I'm back from holiday.

While we're waiting for these files to be analyzed please run this tool to remove all the old versions of Java on your system and then re-install the latest version.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.

  • From the drop-down menu, choose English and click on Select.

  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.

  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.

  • A logfile will pop up. Please save it to a convenient location.

Update Java Runtime

The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 11.

  • Go to http://java.sun.com/javase/downloads/index.jsp

  • Go to Java Runtime Environment (JRE) 6 Update 11 about halfway down the page and click on the Download button.

  • In the Platform box choose Windows.

  • Check the box to Accept License Agreement and click Continue.

  • Click on Windows Offline Installation, click on the link under it which says jre-6u11-windows-i586-p.exe and save the downloaded file to your desktop.

  • Install the new version by running the newly-downloaded file with the Java icon which will be on your desktop, and follow the on-screen instructions.

  • Uncheck the Toolbar button (unless you want the toolbar).

  • Reboot your computer.

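The helper's getmalware.bat above was written by hand from the OTListIt file listing: every DLL it collects is a hidden+system file in System32 with an eight-letter consonant/vowel name (vumehijo, hawuzado, mofohupu), several of them carrying a spoofed vendor name (ABBYY, ESET, Microsoft) in their version info, which is the pattern this Vundo family leaves. The script below is an added example, not part of the thread or of any tool the helper used; it parses OTListIt-style lines, flags entries matching that pattern, and emits the same xcopy batch so the list does not have to be typed by hand. It assumes the attribute column is ordered with H at position 2 and S at position 3 (as "-HS-" reads above), and the name heuristic is exactly that, a heuristic: it is only trusted in combination with the hidden+system and System32 checks. The sample lines are copied from the log above plus a couple of benign entries.

```python
import re
from dataclasses import dataclass

# One OTListIt file-listing line. Assumed attribute column order: four flag
# characters with H at index 1 and S at index 2, matching "-HS-" in the log.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Vundo-style dropper name: eight letters alternating consonant/vowel
# (vumehijo, hawuzado, yeyikufa). Heuristic only; legitimate names can match
# too, so it is never used on its own.
RANDOM_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiouy]){4}$")


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str):
    """Parse one listing line; returns None for anything that is not a file entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["date"], int(m["size"].replace(",", "")),
                 m["attrs"], m["company"].strip(), m["path"])


def is_vundo_like(e: Entry) -> bool:
    """Hidden+system .dll directly under System32 with a random-looking name."""
    stem, _, ext = e.name.lower().rpartition(".")
    in_system32 = "\\windows\\system32\\" in e.path.lower()
    hidden_and_system = e.attrs[1] == "H" and e.attrs[2] == "S"
    return (ext == "dll" and in_system32 and hidden_and_system
            and RANDOM_NAME.match(stem) is not None)


def triage(log_text: str):
    """Return (path, reason) for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or not is_vundo_like(e):
            continue
        reason = "hidden+system random-name DLL in System32"
        if e.company:  # version info on a dropper is a spoofed vendor string
            reason += f", version info claims '{e.company}'"
        findings.append((e.path, reason))
    return findings


def make_batch(paths, dest=r'"%USERPROFILE%"\desktop\malware') -> str:
    """Emit a collection script in the same shape as the helper's getmalware.bat."""
    lines = ["@ECHO OFF", f"MD {dest}"]
    lines += [f"xcopy {p} {dest} /c /q /r /h /y" for p in paths]
    lines.append(f"Attrib -r -a -s -h {dest}\\*.*")
    return "\n".join(lines) + "\n"


# Constructed sample: four lines from the OTListIt log above plus benign entries.
SAMPLE_LOG = r"""
[2008/12/21 18:49:49 | 00,288,517 | R--- | M] () -- K:\WINDOWS\System32\drivers\etc\hosts
[2008/12/18 04:26:40 | 00,102,002 | -HS- | M] (ABBYY (BIT Software)) -- K:\WINDOWS\System32\vumehijo.dll
[2008/12/16 16:26:13 | 00,066,726 | -HS- | M] () -- K:\WINDOWS\System32\wozigiyu.dll
[2008/12/15 03:25:42 | 00,092,861 | -HS- | M] (ESET) -- K:\WINDOWS\System32\hawuzado.dll
[2008/12/06 15:23:02 | 00,092,856 | -HS- | M] (Microsoft Corporation) -- K:\WINDOWS\System32\mofohupu.dll
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 09:44:18 | 00,001,146 | -H-- | M] () -- K:\Documents and Settings\Zahuindanda\My Documents\Default.rdp
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for path, reason in found:
        print(f"{path}: {reason}")
    print(make_batch([p for p, _ in found]))
```

Run it against the full "Files - Modified" section of an OTListIt report and it prints one line per suspect plus a ready-to-save batch file; anything it flags that carries a real vendor's name in the company field deserves a second look rather than trust, since version info is trivially forged while hidden+system attributes on a freshly modified DLL in System32 are not something legitimate installers do.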

  • 2 weeks later...

New MBAM and HJT logs as requested:

Malwarebytes' Anti-Malware 1.32

Database version: 1627

Windows 5.1.2600 Service Pack 2

1/7/2009 7:35:59 AM

mbam-log-2009-01-07 (07-35-59).txt

Scan type: Quick Scan

Objects scanned: 62579

Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:45:14 AM, on 1/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

K:\WINDOWS\System32\smss.exe

K:\WINDOWS\system32\winlogon.exe

K:\WINDOWS\system32\services.exe

K:\WINDOWS\system32\lsass.exe

K:\WINDOWS\system32\svchost.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\spoolsv.exe

K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

K:\Program Files\Bonjour\mDNSResponder.exe

K:\WINDOWS\System32\svchost.exe

K:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

K:\WINDOWS\system32\nvsvc32.exe

K:\WINDOWS\system32\HPZipm12.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\wscntfy.exe

K:\WINDOWS\Explorer.EXE

K:\WINDOWS\system32\VTTimer.exe

K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

K:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe

D:\Program Files\Adobe\Reader\Reader_sl.exe

K:\Program Files\Java\jre6\bin\jusched.exe

K:\WINDOWS\system32\ctfmon.exe

K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

K:\Program Files\Windows Media Player\WMPNSCFG.exe

D:\Program Files\MagicTune Premium\GammaTray.exe

K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\SEC\Natural Color Pro\NCProTray.exe

K:\Program Files\iPod\bin\iPodService.exe

K:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\MagicTune Premium\MagicTune.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - k:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - k:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [XboxStat] "K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [AppleSyncNotifier] K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [AdobeUpdater] "K:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [WMPNSCFG] K:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174202081312

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup163.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - K:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - K:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - K:\Program Files\WinPcap\rpcapd.exe

--

End of file - 9528 bytes
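The MBAM log above is read by hand in this thread, and the one thing that matters in it is the CLSID key still marked "Delete on reboot", which means the item is not gone until the machine restarts. As an added example, not code from the thread or from Malwarebytes, here is a small Python parser for that log layout that pulls out the summary counts and the per-section items, flags anything still pending a reboot, and checks that the pasted log is complete; the embedded sample log is constructed in the format shown above, and the Run value named placeholder_value is an invented placeholder.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the MBAM 1.32 logs posted in this thread.
# The CLSID key is the one reported "Delete on reboot" above; the Run value
# named placeholder_value is an invented placeholder, not a real detection.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.32
Database version: 1627
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 62579
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\placeholder_value (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# Matches both "Registry Keys Infected: 1" (summary block) and
# "Registry Keys Infected:" (start of the item list for that section).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# Matches "<path> (<threat name>) -> <action>." item lines.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class MbamReport:
    summary: dict = field(default_factory=dict)  # section -> count declared up top
    items: dict = field(default_factory=dict)    # section -> [(path, threat, action)]


def parse_mbam_log(text: str) -> MbamReport:
    """Parse the summary block and the per-section item lists of an MBAM log."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                report.summary[m.group("name")] = int(m.group("count"))
            else:
                section = m.group("name")
                report.items.setdefault(section, [])
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            report.items[section].append(
                (m.group("path"), m.group("threat"), m.group("action")))
    return report


def pending_reboot(report: MbamReport) -> list:
    """Items MBAM could not remove on the spot; they remain until the restart."""
    return [(path, threat) for entries in report.items.values()
            for path, threat, action in entries
            if action.lower().startswith("delete on reboot")]


def summary_mismatches(report: MbamReport) -> dict:
    """Sections whose declared count disagrees with the items listed: a truncated paste."""
    return {name: (count, len(report.items.get(name, [])))
            for name, count in report.summary.items()
            if count != len(report.items.get(name, []))}


def is_clean(report: MbamReport) -> bool:
    """True only when every declared count is zero and no item is listed anywhere."""
    return all(c == 0 for c in report.summary.values()) and not any(report.items.values())


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("clean:", is_clean(rep), "truncated sections:", summary_mismatches(rep))
    for path, threat in pending_reboot(rep):
        print("still present until reboot:", path, "->", threat)
```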


  • Root Admin

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member shadowfirez only. If you are a lurker, do NOT try this on your system!

If you are not shadowfirez and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

STEP00

Please download and run the following file to repair file and registry permissions

STEP01

Reconfigure Windows XP to show hidden files:

To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.

* Double-click on the My Computer icon.

* Select the Tools menu and click Folder Options.

* After the new window appears select the View tab.

* Put a checkmark in the checkbox labeled Display the contents of system folders.

* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

* Remove the checkmark from the checkbox labeled Hide protected operating system files.

* Press the Apply button and then the OK button and exit My Computer.

* Now your computer is configured to show all hidden files.

STEP02

  • Download and install CCleaner

  • Double-click on the downloaded file "ccsetup215.exe" and install the application.

  • Keep the default installation folder "C:\Program Files\CCleaner"

  • Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"

  • Click finish when done and close ALL PROGRAMS

  • Start the CCleaner program.

  • Click on Registry and Uncheck Registry Integrity so that it does not run

  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"

  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files

  • Click on the Run Cleaner button on the bottom right side of the program.

  • Click OK to any prompts

STEP03

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

This should apply to AVG8:

To disable the Resident Shield, please:

  • open AVG User Interface

  • double-click on the Resident Shield

  • un-tick the option Resident Shield active

  • save the changes.

STEP04

If you have a prior copy of Combofix, delete it now!

Download ComboFix from one of these locations, saving to DESKTOP:

* IMPORTANT !!! Save ComboFix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on Combo-Fix.exe & follow the prompts.

  • If and only if you are prompted to download a new version of Combofix, reply NO.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:

[image: Rookit_found.gif]

then be sure to write it down fully, also copy that into your next reply here, and then await my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

STEP05

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware

    • Update Malwarebytes' Anti-Malware

    • Select the Update tab

    • Click Update - (Don't forget to UPDATE!!)

  • When the update is complete, select the Scanner tab

  • Select Perform quick scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Be sure that everything is checked, and click Remove Selected.

  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

    • If you accidentally close it, the log file is saved here and will be named like this:

    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the reboot run HJT. Do a system scan and save a logfile.

Please reply with a copy of C:\Combofix.txt, MBAM, and HJT logs, and advise: how is your system now?

RE-Enable your AntiVirus and AntiSpyware applications.

Ok I did everything exactly to the letter. Here are the scans. Looks like everything is gone now! So is that correct and can I assume it is safe now? Also I now have my Windows prompting me to download a bunch of updates. Is that normal? Did the steps remove some of those updates?

ComboFix 09-01-07.02 - Zahuindanda 2009-01-07 22:36:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.192 [GMT -8:00]

Running from: k:\documents and settings\Zahuindanda\Desktop\Combo-Fix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

k:\windows\Downloaded Program Files\setup.inf

k:\windows\system32\babitote.dll

k:\windows\system32\buveyifo.dll

k:\windows\system32\delagowu.dll

k:\windows\system32\drivers\npf.sys

k:\windows\system32\fujivebo.dll

k:\windows\system32\gamuduhe.dll

k:\windows\system32\habamuwo.dll

k:\windows\system32\hajakari.dll

k:\windows\system32\havowezi.dll

k:\windows\system32\hawuzado.dll

k:\windows\system32\hefeduzo.dll

k:\windows\system32\jewodipi.dll

k:\windows\system32\jowenobi.dll

k:\windows\system32\jukazena.dll

k:\windows\system32\jurisesa.dll

k:\windows\system32\lepopami.dll

k:\windows\system32\ludiyofu.dll

k:\windows\system32\mezayuku.dll

k:\windows\system32\mofohupu.dll

k:\windows\system32\mujowotu.dll

k:\windows\system32\netozaka.dll

k:\windows\system32\nulagebo.dll

k:\windows\system32\nupasula.dll

k:\windows\system32\packet.dll

k:\windows\system32\paloyihi.dll

k:\windows\system32\payahasa.dll

k:\windows\system32\pthreadVC.dll

k:\windows\system32\ralofiyi.dll

k:\windows\system32\relohuna.dll

k:\windows\system32\ribatini.dll

k:\windows\system32\sakudozu.dll

k:\windows\system32\sokepami.dll

k:\windows\system32\tazetayi.dll

k:\windows\system32\topolobu.dll

k:\windows\system32\veharuno.dll

k:\windows\system32\vopidezu.dll

k:\windows\system32\vumehijo.dll

k:\windows\system32\wanpacket.dll

k:\windows\system32\wikegivi.dll

k:\windows\system32\wiwopota.dll

k:\windows\system32\wozigiyu.dll

k:\windows\system32\wpcap.dll

k:\windows\system32\yeyikufa.dll

k:\windows\system32\yugaveye.dll

k:\windows\system32\zetayeja.dll

k:\windows\system32\zigigeje.dll

k:\windows\system32\zojunazi.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))

.

2009-01-07 22:32 . 2009-01-07 22:32 <DIR> d-------- k:\program files\CCleaner

2008-12-24 11:00 . 2008-12-24 11:00 <DIR> d-------- k:\program files\Java

2008-12-24 11:00 . 2008-12-24 11:00 73,728 --a------ k:\windows\system32\javacpl.cpl

2008-12-24 11:00 . 2008-12-24 11:00 0 --a------ k:\windows\system32\REN54.tmp

2008-12-24 11:00 . 2008-12-24 11:00 0 --a------ k:\windows\system32\REN53.tmp

2008-12-24 11:00 . 2008-12-24 11:00 0 --a------ k:\windows\system32\REN52.tmp

2008-12-21 19:09 . 2008-12-21 19:09 <DIR> d-------- k:\program files\Panda Security

2008-12-21 19:09 . 2008-06-19 17:24 28,544 --a------ k:\windows\system32\drivers\pavboot.sys

2008-12-11 20:50 . 2008-12-24 11:00 410,984 --a------ k:\windows\system32\deploytk.dll

2008-12-10 20:46 . 2008-12-10 20:46 <DIR> d-------- k:\documents and settings\All Users\Application Data\HP Product Assistant

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 06:34 --------- d-----w k:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-06 01:31 --------- d-----w k:\documents and settings\Zahuindanda\Application Data\Move Networks

2009-01-05 02:38 38,496 ----a-w k:\windows\system32\drivers\mbamswissarmy.sys

2009-01-05 02:38 15,504 ----a-w k:\windows\system32\drivers\mbam.sys

2008-12-08 15:36 --------- d-----w k:\program files\Common Files\Adobe

2008-12-02 01:32 --------- d-----w k:\program files\iPod

2008-12-02 01:32 --------- d-----w k:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-12-02 01:29 --------- d-----w k:\program files\Common Files\Apple

2008-11-28 17:52 --------- d-----w k:\documents and settings\Zahuindanda\Application Data\U3

2008-11-25 15:47 --------- d-----w k:\documents and settings\Zahuindanda\Application Data\SUPERAntiSpyware.com

2008-11-25 15:47 --------- d-----w k:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-25 15:46 --------- d-----w k:\program files\Common Files\Wise Installation Wizard

2008-11-25 07:41 --------- d-----w k:\documents and settings\Zahuindanda\Application Data\Malwarebytes

2008-11-25 07:41 --------- d-----w k:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-25 02:08 --------- d---a-w k:\documents and settings\All Users\Application Data\TEMP

2008-11-12 15:48 --------- d-----w k:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-10 06:42 --------- d-----w k:\program files\Bonjour

2008-11-10 06:40 --------- d-----w k:\program files\Apple Software Update

2008-09-04 16:36 93,696 --sha-w k:\windows\system32\loranana.dll

2008-09-04 03:36 94,720 --sha-w k:\windows\system32\vineyibu.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="k:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"swg"="k:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-17 1809648]

"AdobeUpdater"="k:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

"WMPNSCFG"="k:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="k:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"NvCplDaemon"="k:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"NvMediaCenter"="k:\windows\system32\NvMcTray.dll" [2007-04-19 86016]

"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"XboxStat"="k:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

"CloneCDElbyCDFL"="d:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-01 45056]

"AppleSyncNotifier"="k:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="d:\zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="k:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]

"VTTimer"="VTTimer.exe" [2005-03-07 k:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-10-31 k:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 k:\windows\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2007-04-19 k:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="d:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 443968]

k:\documents and settings\All Users\Start Menu\Programs\Startup\

GammaTray.lnk - d:\program files\MagicTune Premium\GammaTray.exe [2008-07-22 36864]

HP Digital Imaging Monitor.lnk - k:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

NCProTray.lnk - d:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-07-22 49220]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-17 18:31 352256 d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.PIXL"= pclepixl.dll

"VIDC.NTN1"= NUVision.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

--a------ 2002-12-02 06:17 73728 d:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\Java\\jdk1.5.0_06\\jre\\bin\\java.exe"=

"k:\\Program Files\\Messenger\\msmsgs.exe"=

"k:\\Program Files\\Abacast\\Abaclient.exe"=

"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"k:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"k:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

"d:\\Zahuindanda\\Application Data\\Apple Computer\\iTunes\\iTunes.exe"=

"k:\\WINDOWS\\system32\\HPZipm12.exe"=

"k:\\Program Files\\iPod\\bin\\iPodService.exe"=

"d:\\Program Files\\MagicTune Premium\\GammaTray.exe"=

R0 ElbyVCD;ElbyVCD;k:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]

R0 pavboot;pavboot;k:\windows\system32\drivers\pavboot.sys [2008-12-21 28544]

R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-08-19 8944]

R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-08-19 55024]

R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]

S3 NUVision;Pinnacle DVC 80 Video;k:\windows\system32\drivers\nuvvid2.sys [2007-06-10 155264]

.

Contents of the 'Scheduled Tasks' folder

2009-01-04 k:\windows\Tasks\AppleSoftwareUpdate.job

- k:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: *.turbotax.com

O16 -: DirectAnimation Java Classes - file://k:\windows\Java\classes\dajava.cab

k:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://k:\windows\Java\classes\xmldso.cab

k:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-07 22:41:24

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]

"ImagePath"="\??\k:\windows\system32\Drivers\PsSdk23.drv"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)

d:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

------------------------ Other Running Processes ------------------------

.

k:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

k:\program files\Bonjour\mDNSResponder.exe

k:\program files\Java\jre6\bin\jqs.exe

d:\program files\MagicTune Premium\MagicTuneEngine.exe

k:\windows\system32\nvsvc32.exe

k:\windows\system32\HPZipm12.exe

k:\program files\Windows Media Player\wmpnetwk.exe

k:\windows\system32\wscntfy.exe

k:\windows\system32\rundll32.exe

k:\program files\iPod\bin\iPodService.exe

k:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Completion time: 2009-01-07 22:46:20 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-08 06:46:15

Pre-Run: 916,627,456 bytes free

Post-Run: 862,892,032 bytes free

229 --- E O F --- 2008-11-12 15:49:02

Malwarebytes' Anti-Malware 1.32

Database version: 1629

Windows 5.1.2600 Service Pack 2

1/7/2009 10:53:37 PM

mbam-log-2009-01-07 (22-53-37).txt

Scan type: Quick Scan

Objects scanned: 54735

Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:57:32 PM, on 1/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

K:\WINDOWS\System32\smss.exe

K:\WINDOWS\system32\winlogon.exe

K:\WINDOWS\system32\services.exe

K:\WINDOWS\system32\lsass.exe

K:\WINDOWS\system32\svchost.exe

K:\WINDOWS\System32\svchost.exe

K:\WINDOWS\system32\spoolsv.exe

K:\WINDOWS\Explorer.EXE

K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

K:\Program Files\Bonjour\mDNSResponder.exe

K:\WINDOWS\System32\svchost.exe

K:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

K:\WINDOWS\system32\nvsvc32.exe

K:\WINDOWS\system32\VTTimer.exe

K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

K:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe

D:\Program Files\Adobe\Reader\Reader_sl.exe

K:\Program Files\Java\jre6\bin\jusched.exe

K:\WINDOWS\system32\ctfmon.exe

K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

K:\Program Files\Windows Media Player\WMPNSCFG.exe

D:\Program Files\MagicTune Premium\GammaTray.exe

K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\SEC\Natural Color Pro\NCProTray.exe

K:\WINDOWS\system32\HPZipm12.exe

K:\WINDOWS\System32\svchost.exe

K:\Program Files\iPod\bin\iPodService.exe

K:\WINDOWS\system32\wscntfy.exe

K:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\MagicTune Premium\MagicTune.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

K:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - k:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - K:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - k:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] K:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE K:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [XboxStat] "K:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [AppleSyncNotifier] K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Zahuindanda\Application Data\Apple Computer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] K:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [AdobeUpdater] "K:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [WMPNSCFG] K:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = K:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174202081312

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup163.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - K:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MagicTuneEngine - Unknown owner - D:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - K:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - K:\Program Files\WinPcap\rpcapd.exe

--

End of file - 9489 bytes


  • Root Admin

No, but Windows update could easily have been blocked before and now it's able to contact Microsoft for updates.

Please don't install them yet though as we're not quite done.

Please run the following.

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

Then run this again.

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update - (Don't forget to UPDATE!!)
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the reboot run HJT. Do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs in that order please.