
Thread: Virtumonde

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Virtumonde

    Spybot found Virtumonde. I tried removing it with Spybot a few times and came here. Here's the HJT log. It's my bedtime now so I'll be back in 8 or so hours. :-)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:27:39 AM, on 11/26/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {460aa492-2468-4d2d-a0a5-b2624aeba749} - C:\Windows\system32\kiporiju.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [pujojimefo] Rundll32.exe "C:\Windows\system32\susujewe.dll",s
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [pujojimefo] Rundll32.exe "C:\Windows\system32\susujewe.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\juropawo.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5538 bytes
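The log above carries the classic Virtumonde/Vundo footprint: an unnamed BHO (O2) and a rundll32 autostart (O4) pointing at eight-letter pseudo-random DLLs in System32, two more such DLLs appended to AppInit_DLLs (O20), and a SharedTaskScheduler entry (O22) whose file is already gone. The script below is an added example (not part of the original thread, and not a tool the poster used) that encodes those checks so a HijackThis log can be triaged mechanically. The sample input is a handful of lines copied from the log above and embedded so it runs offline; the "generated name" test is a heuristic I chose to match the names seen here and will not catch every variant.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted above,
# embedded so the triage runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {460aa492-2468-4d2d-a0a5-b2624aeba749} - C:\Windows\system32\kiporiju.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pujojimefo] Rundll32.exe "C:\Windows\system32\susujewe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [pujojimefo] Rundll32.exe "C:\Windows\system32\susujewe.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\juropawo.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Full paths without spaces, or bare file names, ending in .dll/.exe.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\[^"\s]+?|[\w~.-]+)\.(?:dll|exe)', re.IGNORECASE)
VOWELS = set("aeiou")


def looks_generated(filename):
    """Heuristic (my assumption, not an official signature) for the eight-letter,
    strictly alternating vowel/consonant names in this log: kiporiju, susujewe,
    kitiyija, juropawo.  Vendor files such as NvCpl.dll, avgrsstx.dll or
    rundll32.exe do not fit the pattern."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isascii() or not stem.isalpha():
        return False
    is_vowel = [c in VOWELS for c in stem]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(7))


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log_text):
    """Return one finding per suspicious load point: section, reason, file, line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("section"), m.group("body")
        generated = [basename(p) for p in PATH_RE.findall(body) if looks_generated(basename(p))]

        def add(reason, file=None):
            findings.append({"section": sec, "reason": reason, "file": file, "line": line})

        if sec in ("O2", "O3") and "(no name)" in body:
            if "(no file)" in body:
                add("orphaned CLSID registration, backing file already gone")
            elif generated:
                add("unnamed browser extension backed by generated-name DLL", generated[0])
        elif sec == "O4" and "rundll32" in body.lower() and generated:
            add("rundll32 autostart of generated-name DLL (repeated per user hive)", generated[0])
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is mapped into each process that loads user32.dll.
            for entry in body.split(":", 1)[1].split():
                if looks_generated(basename(entry)):
                    add("AppInit_DLLs injection into every user32-loading process", basename(entry))
        elif sec == "O22" and (generated or "(file missing)" in body):
            add("SharedTaskScheduler load point for generated-name DLL", generated[0] if generated else None)
    return findings


def suspect_files(findings):
    """Distinct file names to hand to the removal step."""
    return {f["file"] for f in findings if f["file"]}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:4} {f['file'] or '-':14} {f['reason']}")
```

Run against the sample it reports seven load points and four distinct files (kiporiju.dll, susujewe.dll, kitiyija.dll, juropawo.dll); the NVIDIA rundll32 entry and the vendor services are left alone. The O20 hits matter most: AppInit_DLLs entries are loaded by every GUI process, which is why a browser-only cleanup keeps coming back.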

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi Atmashine

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


    Post:

    - mbam log
    - rsit logs (taken after mbam run)
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Nov 2008
    Posts
    26


    Sorry, I played with this using ComboFix while waiting. I dunno if the thing's removed completely or not, so here's the new HJT log along with the things you requested. Malwarebytes didn't find anything to remove using a full scan, so I was never prompted to check anything.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:48:03 PM, on 11/29/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 4443 bytes




    --------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.30
    Database version: 1437
    Windows 6.0.6001 Service Pack 1

    11/29/2008 11:56:23 PM
    mbam-log-2008-11-29 (23-56-23).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 160692
    Time elapsed: 1 hour(s), 56 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    ComboFix is a tool which you should never use unsupervised. It is a very powerful tool.

    But as you have done it anyway, please post the contents of c:\ComboFix.txt here next.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Nov 2008
    Posts
    26


    ComboFix 08-11-27.01 - MySweetBunny 2008-11-27 6:58:37.1 - NTFSx86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1375 [GMT -6:00]
    Running from: c:\users\MySweetBunny\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\mayabazo.dll
    c:\windows\system32\olikubek.ini
    c:\windows\system32\ozabayam.ini
    c:\windows\system32\ridadane.dll
    .
    ---- Previous Run -------
    .
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\kebukilo.dll
    c:\windows\system32\kitiyija.dll
    c:\windows\system32\mayabazo.dll
    c:\windows\system32\olikubek.ini
    c:\windows\system32\ozabayam.ini
    c:\windows\system32\ridadane.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
    .

    2008-11-26 08:26 . 2008-11-26 08:26 <DIR> d-------- c:\program files\Trend Micro
    2008-11-24 23:57 . 2008-11-26 13:08 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-11-17 14:05 . 2008-10-16 15:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-17 14:05 . 2008-10-16 14:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-17 14:05 . 2008-10-16 15:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-17 14:05 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-17 14:05 . 2008-10-16 14:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-17 14:05 . 2008-10-16 15:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-17 14:05 . 2008-10-16 15:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-17 14:05 . 2008-10-16 15:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-17 14:05 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-13 19:52 . 2008-11-13 19:52 192 --a------ c:\windows\cdplayer.ini
    2008-11-13 07:28 . 2008-11-27 07:03 32,536 --a------ c:\users\All Users\nvModes.dat
    2008-11-13 07:28 . 2008-11-27 07:03 32,536 --a------ c:\programdata\nvModes.dat
    2008-11-11 15:24 . 2008-09-09 21:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-11 15:24 . 2008-09-04 23:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-11 15:24 . 2008-08-26 19:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-06 19:51 . 2008-11-06 19:51 <DIR> d-------- C:\PFiles
    2008-11-03 01:02 . 2008-11-27 06:44 <DIR> d-------- c:\windows\System32\drivers\Avg
    2008-11-03 01:02 . 2008-11-03 01:02 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
    2008-11-03 01:02 . 2008-11-03 01:02 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
    2008-11-03 01:02 . 2008-11-03 01:02 10,520 --a------ c:\windows\System32\avgrsstx.dll
    2008-11-03 01:01 . 2008-11-03 01:01 <DIR> d-------- c:\program files\AVG
    2008-10-28 16:36 . 2008-10-28 16:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
    2008-10-28 16:36 . 2008-10-28 16:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
    2008-10-28 16:35 . 2008-10-28 16:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
    2008-10-28 16:35 . 2008-10-28 16:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
    2008-10-28 16:35 . 2008-10-28 16:35 729,088 --a------ c:\windows\System32\divxdec.ax
    2008-10-28 16:35 . 2008-10-28 16:35 684,032 --a------ c:\windows\System32\DivX.dll
    2008-10-28 15:30 . 2008-08-11 21:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-10-28 15:30 . 2008-09-17 22:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-10-28 15:30 . 2008-09-17 22:56 125,952 --a------ c:\windows\System32\wersvc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-23 02:37 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-19 14:16 --------- d-----w c:\users\MySweetBunny\AppData\Roaming\SPORE
    2008-11-16 12:34 --------- d-----w c:\programdata\NVIDIA
    2008-11-15 14:43 --------- d-----w c:\program files\DivX
    2008-11-15 12:30 --------- d-----w c:\program files\Rhapsody
    2008-11-13 13:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-13 13:30 --------- d-----w c:\program files\AGEIA Technologies
    2008-11-11 23:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-03 07:01 --------- d-----w c:\programdata\avg8
    2008-11-03 03:31 --------- d-----w c:\program files\CONEXANT
    2008-11-03 03:28 --------- d-----w c:\programdata\Ulead Systems
    2008-11-03 03:28 --------- d-----w c:\program files\InterVideo
    2008-11-03 03:28 --------- d-----w c:\program files\Common Files\Ulead Systems
    2008-11-03 03:19 --------- d-----w c:\program files\Toshiba
    2008-11-03 03:15 --------- d-----w c:\program files\Windows Live
    2008-11-03 00:49 --------- d-----w c:\program files\Microsoft Works
    2008-11-03 00:42 --------- d-----w c:\program files\Common Files\logishrd
    2008-11-03 00:41 --------- d-----w c:\programdata\Logishrd
    2008-11-03 00:34 --------- d-----w c:\programdata\Microsoft Help
    2008-10-22 18:42 7,610,144 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
    2008-10-22 18:42 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd
    2008-10-21 13:01 --------- d-----w c:\programdata\SecTaskMan
    2008-10-20 22:00 57,688 ----a-w c:\users\MySweetBunny\AppData\Roaming\nvModes.dat
    2008-10-20 12:43 --------- d-----w c:\program files\Microsoft Games
    2008-10-19 21:49 --------- d-----w c:\program files\Eusing Free Registry Cleaner
    2008-10-19 21:20 --------- d-----w c:\users\MySweetBunny\AppData\Roaming\Uniblue
    2008-10-16 08:10 --------- d-----w c:\program files\Windows Mail
    2008-10-13 16:35 --------- d-----w c:\program files\CycloDSEvolution Tools
    2008-10-12 11:26 --------- d-----w c:\program files\RogueSynapse
    2008-10-10 01:38 --------- d-----w c:\program files\Yahoo!
    2008-06-18 19:15 174 --sha-w c:\program files\desktop.ini
    2007-05-12 23:20 262,144 ----a-w c:\programdata\ntuser.dat
    2008-08-26 20:49 2,713 --sh--w c:\windows\System32\barijatu.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2006-12-03 18:03 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2006-12-03 18:03 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-22 13675040]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-22 92704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-12-03 17:50 90112 c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll c:\windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
    backup=c:\windows\pss\ymetray.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    --a------ 2006-12-15 17:59 530552 c:\program files\Toshiba\FlashCards\TCrdMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
    --a------ 2006-12-07 18:49 55416 c:\program files\Toshiba\TBS\HSON.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
    --a------ 2006-07-20 14:45 151552 c:\toshiba\IVP\ISM\pinger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    --a------ 2006-12-11 19:45 448632 c:\program files\Toshiba\SmoothView\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
    --a------ 2006-12-20 01:16 411768 c:\program files\Toshiba\Power Saver\TPwrMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 01:38 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiSpywareOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-522854213-1344089828-1915909241-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{24433AC1-4A33-4813-95CD-5E93ACE2457C}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{4C376BCA-BDCF-46A9-AA0E-D5FEAFFC6A3B}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "{06B53753-3FEE-44AD-A1DF-9A77DCDC9FBE}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
    "{834D088C-B39E-4191-8CEB-5B9AEEDD716A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{9B3BAC9F-1CEA-43C4-97A8-9EE86F9F5D7F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{215A4379-103F-4718-A62C-CC24EC976F94}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
    "UDP Query User{1094E7CB-7547-44F0-8321-2AB93BBAF4E0}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
    "{EDDE538C-CB7E-46BD-B2A2-3F104892FDD0}"= UDP:c:\program files\Warcraft III\Warcraft III.exe:Warcraft III
    "{BBB64935-7997-4206-941A-3FB63D6C2F0D}"= TCP:c:\program files\Warcraft III\Warcraft III.exe:Warcraft III
    "{51497833-D061-4DE5-8F5D-CFE72B7481B8}"= UDP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
    "{41E3449C-5415-4CDB-8CF8-46E72AF4CD73}"= TCP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
    "{385D3138-883D-46A1-870D-062310DE70E4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{BD5FD5A2-CE32-4F5B-A820-0CA9A2428E74}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "TCP Query User{D45DCB1E-954A-4E05-91E1-54466C89027D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{CB203017-6857-4924-A4CF-1936BBEDA04F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{1044FF6C-0566-4364-9EAD-B4FE5AD1C0B1}"= UDP:c:\users\Public\World of Warcraft\WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe:Blizzard Downloader
    "{8AFDEBFF-72F0-449E-AC43-9F71357B5CA4}"= TCP:c:\users\Public\World of Warcraft\WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe:Blizzard Downloader
    "TCP Query User{09A750E8-0CD5-4BCD-B46F-AB70D3243FF9}c:\\program files\\microsoft games\\dungeon siege\\dungeonsiege.exe"= UDP:c:\program files\microsoft games\dungeon siege\dungeonsiege.exe:Dungeon Siege Game Executable
    "UDP Query User{22C50DBA-6BCD-4B2F-9BD3-A1D138C25B84}c:\\program files\\microsoft games\\dungeon siege\\dungeonsiege.exe"= TCP:c:\program files\microsoft games\dungeon siege\dungeonsiege.exe:Dungeon Siege Game Executable
    "{D66E58B8-D0AB-4A81-836F-371959BA4E36}"= UDP:c:\users\Public\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
    "{2F0D43A7-2BCE-4BB0-9548-A9A89D75628B}"= TCP:c:\users\Public\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
    "{BA80ABFE-C0C5-4998-AE8D-5B37198C6616}"= UDP:3724:Blizzard Downloader: 3724
    "{5C847171-3D8E-498C-8C30-6F9466B35312}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{915DA043-1705-4430-8206-DAF14654519A}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
    "{023115A5-35E0-4717-BF80-8295669B4BB6}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
    "{CEDB1986-6431-4F1E-BCDE-6B4B689E75C2}"= UDP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
    "{EC48C02A-0DFA-4340-9EDA-992B5F1415F7}"= TCP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
    "{FEEA2694-E6A8-4982-ACF8-FF5DB3919AB9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{2A8E0A2D-3112-4090-95E6-3AF552173AE8}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{DB2C6395-07E1-414E-BA32-B05996098362}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{BC051E9C-7A05-435E-ACE4-3E0E771A3235}"= UDP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
    "{909E6A5E-2403-4963-9E2D-DB1E2FBD87ED}"= TCP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
    "{10DF9718-7B7B-4AB0-9D18-18C34F5C73B0}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{0C6A328F-13CF-42FF-81A5-04F20F00EF64}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "TCP Query User{C70EB7AE-2E3F-4B54-A95F-BB9B4CA23C84}c:\\users\\mysweetbunny\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\mysweetbunny\appdata\roaming\macromedia\flash player\http://www.macromedia.com\bin\octosh...:octoshape.exe
    "UDP Query User{C3CFD078-12AC-4403-95BC-256F04F294C4}c:\\users\\mysweetbunny\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\mysweetbunny\appdata\roaming\macromedia\flash player\http://www.macromedia.com\bin\octosh...:octoshape.exe
    "{DB332564-5F30-4D05-BA24-D8BA2B8FCA9A}"= UDP:c:\windows\explorer.exe:Explorer
    "{1D025813-91A0-4D30-AE13-617F26972088}"= TCP:c:\windows\explorer.exe:Explorer
    "{79750498-5B32-4498-AA3A-4C682458E5AA}"= UDP:c:\windows\explorer.exe:Explorer
    "{964FD7A6-D8D8-41D1-AF89-9906319B235A}"= TCP:c:\windows\explorer.exe:Explorer
    "{87E3F3FF-BA4E-496C-9259-84E20CCAE35F}"= UDP:c:\windows\System32\dwm.exe:Dwm
    "{FE32EF8A-6BAF-427D-927A-590B4EB5EDA1}"= TCP:c:\windows\System32\dwm.exe:Dwm
    "{9BF926F0-91FE-453A-A4DF-C112D31A8291}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
    "{8E58035B-4F38-4156-8755-2FECBA39C564}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
    "{41CFC8FF-9348-4673-8A33-BE8F453C2AF3}"= UDP:c:\windows\System32\wininit.exe:wininit
    "{2ED6E9CE-7FED-4E19-81EA-1C78EF86A230}"= TCP:c:\windows\System32\wininit.exe:wininit
    "{9A009F5E-75D5-46C8-BCCA-B9DB5B757401}"= UDP:c:\windows\System32\wininit.exe:wininit
    "{C98C61CE-1B81-4DFA-8D97-94FA9A99B58E}"= TCP:c:\windows\System32\wininit.exe:wininit
    "{50386947-031D-4406-9DEB-E056E944A695}"= UDP:c:\program files\AVG\AVG8\avgrsx.exe:avgrsx
    "{E07582D9-9E52-4F58-B48B-778E684E7281}"= TCP:c:\program files\AVG\AVG8\avgrsx.exe:avgrsx

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-03 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-03 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-03 231704]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-03 69128]
    R3 BoiHwsetup;Access 32bits INT15 routine;c:\windows\system32\drivers\BoiHwSetup.sys [2006-10-12 7680]
    R3 qkbfiltr;Keyboard Filter Driver;c:\windows\system32\DRIVERS\qkbfiltr.sys [2006-11-20 33792]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-27 c:\windows\Tasks\User_Feed_Synchronization-{CBFF64F7-E5DB-4768-BE6B-B5411FE092C3}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 01:33]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{460aa492-2468-4d2d-a0a5-b2624aeba749} - c:\windows\system32\kiporiju.dll
    HKLM-Run-pujojimefo - c:\windows\system32\susujewe.dll
    MSConfigStartUp-nwiz - nwiz.exe



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-27 07:03:05
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(660)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\infra.dll

    - - - - - - - > 'Explorer.exe'(3540)
    c:\program files\Protector Suite QL\farchns.dll
    c:\program files\Protector Suite QL\infra.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Protector Suite QL\upeksvr.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\AVG\AVG8\avgtray.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Toshiba\ConfigFree\CFSvcs.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\windows\System32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\System32\wbem\WMIADAP.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-27 7:08:46 - machine was rebooted [MySweetBunny]
    ComboFix-quarantined-files.txt 2008-11-27 13:08:15

    Pre-Run: 86,980,845,568 bytes free
    Post-Run: 86,949,945,344 bytes free

    268 --- E O F --- 2008-11-12 09:02:47
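The ORPHANS REMOVED block in the ComboFix log above (a BHO and an HKLM Run value pointing at kiporiju.dll and susujewe.dll) and the HijackThis output later in the thread (an O2/O3 CLSID left with "(no file)", and an O20 AppInit_DLLs value naming kitiyija.dll and juropawo.dll) show the Virtumonde-style pattern: randomly named DLLs dropped into system32 and registered through a BHO, a Run value and AppInit_DLLs, the last of which loads the DLL into every process that loads user32.dll. The script below is an added triage example, not code from this thread, from HijackThis, ComboFix or RSIT; it parses HijackThis "Onn - ..." lines and ComboFix orphan lines and flags three things: a BHO or toolbar CLSID whose DLL is gone, any AppInit_DLLs entry outside an allowlist, and file or value names that match a consonant/vowel-alternation heuristic. The allowlist (only AVG's avgrsstx.dll) and the name heuristic are assumptions drawn from the names in this thread; the sample lines are copied from the logs posted here.

```python
"""Triage helper for HijackThis and ComboFix log lines (added example, not part
of the thread or of the tools it names)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: on this machine only AVG's avgrsstx.dll belongs in AppInit_DLLs.
APPINIT_ALLOWLIST = {"avgrsstx.dll"}

_VOWELS = set("aeiou")
HJT_LINE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
CF_ORPHAN = re.compile(r"^(BHO|HKLM-Run|HKCU-Run|MSConfigStartUp)-(\S+)\s+-\s+(.+)$")

# Sample input copied from the logs posted in this thread.
SAMPLE_LOG = r"""
BHO-{460aa492-2468-4d2d-a0a5-b2624aeba749} - c:\windows\system32\kiporiju.dll
HKLM-Run-pujojimefo - c:\windows\system32\susujewe.dll
MSConfigStartUp-nwiz - nwiz.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {460aa492-2468-4d2d-a0a5-b2624aeba749} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphan-clsid", "appinit-dll" or "generated-name"
    detail: str


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_generated(name: str) -> bool:
    """Heuristic (an assumption based on the names in this thread: kiporiju,
    susujewe, kitiyija, juropawo, pujojimefo): 6 to 10 letters, no digits,
    strictly alternating consonant/vowel. A hit means 'look closer', not
    'malicious'."""
    stem = name.lower().rsplit(".", 1)[0]
    if not (6 <= len(stem) <= 10) or not stem.isalpha():
        return False
    is_vowel = [c in _VOWELS for c in stem]
    return all(a != b for a, b in zip(is_vowel, is_vowel[1:]))


def triage_hjt(line: str) -> list[Finding]:
    """Inspect one HijackThis 'Onn - ...' line; other lines yield nothing."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    tag, body = m.groups()
    out: list[Finding] = []
    if tag in ("O2", "O3") and body.endswith("(no file)"):
        c = CLSID.search(body)
        clsid = c.group(0) if c else "?"
        out.append(Finding("orphan-clsid", f"{tag} {clsid}: CLSID still registered, DLL missing"))
    elif tag == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs is a space- or comma-separated list of DLLs.
        for entry in re.split(r"[\s,]+", body.split(":", 1)[1].strip()):
            if not entry or basename(entry) in APPINIT_ALLOWLIST:
                continue
            kind = "generated-name" if looks_generated(basename(entry)) else "appinit-dll"
            out.append(Finding(kind, f"O20 loads {entry} into every user32-linked process"))
    return out


def triage_combofix_orphan(line: str) -> list[Finding]:
    """Inspect one line of ComboFix's 'ORPHANS REMOVED' section."""
    m = CF_ORPHAN.match(line.strip())
    if not m:
        return []
    where, key, target = m.groups()
    if looks_generated(basename(target)) or looks_generated(key):
        return [Finding("generated-name", f"{where} '{key}' -> {target}")]
    return []


def triage_log(text: str) -> list[Finding]:
    """Run both parsers over every line and collect the findings in order."""
    findings: list[Finding] = []
    for line in text.splitlines():
        findings.extend(triage_hjt(line))
        findings.extend(triage_combofix_orphan(line))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Running it on the sample yields six findings; note that the O2 "(no file)" CLSID {460aa492-...} is the same one ComboFix lists as the removed kiporiju.dll BHO, so that entry is a leftover registration to clean rather than a live component, while the two O20 DLLs are still on disk and still being injected.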

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Thank you for that.

    Please continue next with RSIT and Malwarebytes.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    RSIT info:

    info.txt logfile of random's system information tool 1.04 2008-11-30 10:55:03

    ======Uninstall list======

    -->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IBD1VHDza.INF
    Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DOOM 3: Resurrection of Evil-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{04347DFD-87B6-4E30-B14D-5DF2888AD8F5} /l1033
    Doom 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{584267B8-0BB0-4D18-9FFA-726576619E9A} /l1033 /x
    Doomsday Engine 1.9.0-beta5-->"C:\Program Files\Doomsday\unins000.exe"
    Dungeon Siege-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
    EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
    HijackThis 2.0.2-->"C:\Users\MySweetBunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EPTUHTEP\HijackThis.exe" /uninstall
    IncGamers Client-->C:\Program Files\IncGamers Client\uninst.exe
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
    Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SimCity 4-->C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
    Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_1179FF31\HXFSETUP.EXE -U -IBD1Vmz.inf
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    Star Wars®: Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
    The Last Starfighter-->C:\Program Files\InstallShield Installation Information\{C892C691-99DC-4B49-BEAA-65B96BB3460D}\setup.exe -runfromtemp -l0x0409
    The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
    The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
    The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
    The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
    The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
    The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
    The Sims™ Castaway Stories-->C:\Program Files\Electronic Arts\The Sims Castaway Stories\EAUninstall.exe
    TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
    TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
    TOSHIBA Disc Creator-->MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
    TOSHIBA Extended Tiles for Windows Mobility Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
    TOSHIBA Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
    TOSHIBA Media Center Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
    Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
    TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
    TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
    TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{BE998F99-4CEB-4E64-B717-493A2E9797F4} /l1033
    TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
    TOSHIBA Volume Indicator-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{98708E86-46E1-479D-B897-9802E591E762} /l1033
    Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
    Unofficial Oblivion Patch v2.2.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe"
    Unreal-->C:\Windows\IsUninst.exe -fC:\Unreal\System\Uninst.isu
    VDMSound-->C:\Program Files\VDMSound\uninst.exe
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
    Wheel of Time-->C:\WheelOfTime\System\Setup.exe uninstall "Wheel of Time"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
    WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AV: AVG Anti-Virus Free
    AS: AVG Anti-Virus Free (disabled)
    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\VDMSound
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "VDMSPath"=C:\Program Files\VDMSound

    -----------------EOF-----------------
    --------------------------------------------------------------------------


    RSIT log:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by MySweetBunny at 2008-11-30 10:54:47
    Microsoft® Windows Vista™ Ultimate Service Pack 1
    System drive C: has 77 GB (41%) free of 189 GB
    Total RAM: 2045 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:55:01 AM, on 11/30/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\MySweetBunny\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\MySweetBunny.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {460aa492-2468-4d2d-a0a5-b2624aeba749} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 4886 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\User_Feed_Synchronization-{CBFF64F7-E5DB-4768-BE6B-B5411FE092C3}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-03 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{460aa492-2468-4d2d-a0a5-b2624aeba749}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-01-04 501384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-03 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-03 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-10-22 13675040]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-10-22 92704]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2006-12-15 530552]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
    C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
    C:\TOSHIBA\IVP\ISM\pinger.exe [2006-07-20 151552]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2006-12-11 448632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-20 411768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
    []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll C:\Windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
    C:\Windows\system32\psqlpwd.dll [2006-12-03 90112]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableCAD"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
    "C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2008-11-30 10:54:47 ----D---- C:\rsit
    2008-11-29 21:56:56 ----D---- C:\Users\MySweetBunny\AppData\Roaming\Malwarebytes
    2008-11-29 21:56:52 ----D---- C:\ProgramData\Malwarebytes
    2008-11-29 21:56:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-27 07:10:19 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-11-27 07:10:16 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-11-27 07:10:16 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-11-27 07:10:16 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-11-27 07:10:12 ----A---- C:\Windows\system32\connect.dll
    2008-11-27 07:08:50 ----D---- C:\Windows\temp
    2008-11-27 07:08:47 ----A---- C:\ComboFix.txt
    2008-11-27 06:20:13 ----A---- C:\Windows\zip.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\VFIND.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\SWXCACLS.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\SWSC.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\SWREG.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\sed.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\NIRCMD.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\grep.exe
    2008-11-27 06:20:13 ----A---- C:\Windows\fdsv.exe
    2008-11-27 06:20:08 ----D---- C:\Windows\ERDNT
    2008-11-27 06:20:08 ----D---- C:\Qoobox
    2008-11-26 08:26:19 ----D---- C:\Program Files\Trend Micro
    2008-11-24 23:57:15 ----HD---- C:\$AVG8.VAULT$
    2008-11-17 14:05:58 ----A---- C:\Windows\system32\wups2.dll
    2008-11-17 14:05:58 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-17 14:05:58 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-17 14:05:58 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-17 14:05:37 ----A---- C:\Windows\system32\wups.dll
    2008-11-17 14:05:37 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-17 14:05:37 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-17 14:05:27 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-17 14:05:27 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-13 19:52:57 ----A---- C:\Windows\cdplayer.ini
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvwssr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvwss.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvwgf2um.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvvitvsr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvvitvs.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvsvsr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvsvs.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvsvcr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvsvc.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvoglv32.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvmoblsr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvmobls.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvmctray.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvmccssr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvmccss.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvmccsrs.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvmccs.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvgamesr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvgames.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvdispsr.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvdisps.dll
    2008-11-13 07:12:49 ----A---- C:\Windows\system32\nvd3dum.dll
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\nvvsvc.exe
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\nvudisp.exe
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\nvcuda.dll
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\nvcpl.dll
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\nvcod135.dll
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\nvcod.dll
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\nvapi.dll
    2008-11-13 07:12:48 ----A---- C:\Windows\system32\dpinst.exe
    2008-11-11 15:24:14 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-11 15:24:12 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-06 19:51:55 ----D---- C:\PFiles
    2008-11-03 01:02:18 ----A---- C:\Windows\system32\avgrsstx.dll
    2008-11-03 01:01:44 ----D---- C:\Program Files\AVG

    ======List of files/folders modified in the last 1 months======

    2008-11-30 10:55:00 ----D---- C:\Windows\Prefetch
    2008-11-30 09:58:40 ----D---- C:\Program Files\Eusing Free Registry Cleaner
    2008-11-30 09:04:01 ----D---- C:\Unreal
    2008-11-30 06:37:32 ----D---- C:\Windows\inf
    2008-11-30 06:37:32 ----AD---- C:\Windows\System32
    2008-11-30 06:37:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-29 21:56:55 ----D---- C:\Windows\system32\drivers
    2008-11-29 21:56:52 ----RD---- C:\Program Files
    2008-11-29 21:56:52 ----HD---- C:\ProgramData
    2008-11-29 21:06:30 ----SHD---- C:\System Volume Information
    2008-11-28 03:00:51 ----D---- C:\Windows\winsxs
    2008-11-27 08:39:40 ----D---- C:\Windows\Tasks
    2008-11-27 08:39:40 ----D---- C:\Windows\system32\spool
    2008-11-27 08:39:37 ----D---- C:\Windows\system32\wbem
    2008-11-27 08:39:37 ----D---- C:\Windows\registration
    2008-11-27 07:10:07 ----D---- C:\Windows\system32\catroot
    2008-11-27 07:09:40 ----D---- C:\Windows\system32\catroot2
    2008-11-27 07:08:52 ----D---- C:\Windows\system32\en-US
    2008-11-27 07:08:50 ----D---- C:\Windows
    2008-11-27 07:03:11 ----A---- C:\Windows\system.ini
    2008-11-27 07:01:33 ----D---- C:\Windows\system32\config
    2008-11-27 06:59:51 ----D---- C:\Windows\AppPatch
    2008-11-27 06:59:51 ----D---- C:\Program Files\Common Files
    2008-11-27 06:41:06 ----D---- C:\Windows\Minidump
    2008-11-25 23:42:45 ----A---- C:\Windows\wininit.ini
    2008-11-22 21:05:05 ----D---- C:\Windows\rescache
    2008-11-22 20:37:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-22 08:03:04 ----D---- C:\CycloDS
    2008-11-19 08:16:03 ----D---- C:\Users\MySweetBunny\AppData\Roaming\SPORE
    2008-11-16 06:34:08 ----D---- C:\ProgramData\NVIDIA
    2008-11-16 04:21:56 ----SD---- C:\Windows\Downloaded Program Files
    2008-11-16 04:16:46 ----SHD---- C:\Windows\Installer
    2008-11-15 08:43:46 ----D---- C:\Program Files\DivX
    2008-11-15 06:30:04 ----D---- C:\Program Files\Rhapsody
    2008-11-13 07:30:07 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-13 07:30:07 ----D---- C:\Program Files\AGEIA Technologies
    2008-11-13 07:12:20 ----D---- C:\NVIDIA
    2008-11-11 17:00:48 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-03 01:01:44 ----D---- C:\ProgramData\avg8
    2008-11-03 00:59:40 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-11-03 00:59:07 ----SD---- C:\Users\MySweetBunny\AppData\Roaming\Microsoft
    2008-11-02 21:31:22 ----D---- C:\Program Files\CONEXANT
    2008-11-02 21:28:51 ----D---- C:\Program Files\InterVideo
    2008-11-02 21:28:48 ----D---- C:\ProgramData\Ulead Systems
    2008-11-02 21:28:48 ----D---- C:\Program Files\Common Files\Ulead Systems
    2008-11-02 21:19:13 ----D---- C:\Program Files\Toshiba
    2008-11-02 21:15:21 ----D---- C:\Program Files\Windows Live
    2008-11-02 18:49:07 ----D---- C:\Program Files\Microsoft Works
    2008-11-02 18:46:03 ----D---- C:\Windows\system32\appmgmt
    2008-11-02 18:42:12 ----D---- C:\Program Files\Common Files\logishrd
    2008-11-02 18:41:58 ----D---- C:\ProgramData\Logishrd
    2008-11-02 18:34:55 ----D---- C:\ProgramData\Microsoft Help
    2008-11-02 18:34:54 ----RSD---- C:\Windows\assembly
    2008-11-02 18:34:00 ----RSD---- C:\Windows\Fonts
    2008-11-02 18:32:47 ----D---- C:\Windows\ShellNew

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-11-03 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-11-03 26824]
    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-11-03 69128]
    R3 BoiHwsetup;Access 32bits INT15 routine; C:\Windows\system32\drivers\BoiHwSetup.sys [2006-10-12 7680]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-18 220672]
    R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-09 987648]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-09 206336]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-10-22 7610144]
    R3 qkbfiltr;Keyboard Filter Driver; C:\Windows\system32\DRIVERS\qkbfiltr.sys [2006-11-20 33792]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
    R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2006-12-03 39056]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
    R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-09 657920]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
    S1 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
    S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 jfdcd;jfdcd; \??\C:\Users\MYSWEE~1\AppData\Local\Temp\jfdcd.sys []
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2007-10-12 41752]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
    S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
    S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-02-14 216320]
    S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2005-09-27 207104]
    S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-16 611664]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-03 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-03 231704]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-10-22 207392]
    R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2006-07-20 40960]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-20 428152]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
    --------------------------------------------------------------------------


    Malwarebytes' log:

    Malwarebytes' Anti-Malware 1.30
    Database version: 1437
    Windows 6.0.6001 Service Pack 1

    11/30/2008 1:38:25 PM
    mbam-log-2008-11-30 (13-38-25).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 160475
    Time elapsed: 2 hour(s), 35 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{460aa492-2468-4d2d-a0a5-b2624aeba749} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{460aa492-2468-4d2d-a0a5-b2624aeba749} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, December 1, 2008
    Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, December 01, 2008 16:09:05
    Records in database: 1429402
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 142094
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 02:43:53

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
    --------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:02:31 PM, on 12/1/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Rhapsody\rhaphlpr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\kitiyija.dll c:\windows\system32\juropawo.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 4769 bytes

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    That looks good.

    Does spybot still find something?
