Virtumonde issues

**crazysane** · 2009-03-06, 04:06

I have scanned and tried to clean on my own to no avail. Help is being requested please. My HIJackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:50:16 PM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Documents and Settings\Crazysane\Start Menu\Programs\Startup\nod32kui.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {04e42df7-752e-4c64-9930-3933095111cf} - C:\WINDOWS\system32\lzspgu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: {fa579b0c-ae43-4679-df44-587760390f63} - {36f09306-7785-44fd-9764-34eac0b975af} - C:\WINDOWS\system32\xgtrmj.dll
O2 - BHO: (no name) - {6cee844a-5de7-447f-8c8b-21b8684e191a} - C:\WINDOWS\system32\hekazezi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [kawakamawu] Rundll32.exe "C:\WINDOWS\system32\wolijuke.dll",s
O4 - HKLM\..\Run: [CPM15688b5f] Rundll32.exe "c:\windows\system32\tedibavu.dll",a
O4 - HKLM\..\Run: [165bb8c3] rundll32.exe "C:\WINDOWS\system32\vidajadu.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA9924] command.com /c del "C:\WINDOWS\system32\udajadiv.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3350] cmd.exe /c del "C:\WINDOWS\system32\udajadiv.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8938] command.com /c del "c:\windows\system32\tedibavu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8880] cmd.exe /c del "c:\windows\system32\tedibavu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1106] command.com /c del "C:\WINDOWS\system32\vidajadu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9834] cmd.exe /c del "C:\WINDOWS\system32\vidajadu.dll_old"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3710] command.com /c del "C:\WINDOWS\system32\udajadiv.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8943] cmd.exe /c del "C:\WINDOWS\system32\udajadiv.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2413] command.com /c del "c:\windows\system32\tedibavu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5908] cmd.exe /c del "c:\windows\system32\tedibavu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4592] command.com /c del "C:\WINDOWS\system32\vidajadu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7828] cmd.exe /c del "C:\WINDOWS\system32\vidajadu.dll_old"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: nod32kui.exe
O4 - Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe
O4 - Startup: Chameleon Clock.lnk = C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203820380605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203860998997
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\sokazoya.dll lzspgu.dll c:\windows\system32\zanudeye.dll xgtrmj.dll c:\windows\system32\tedibavu.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tedibavu.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

**pskelley** · 2009-03-06, 21:10

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Pinned (sticky) to the top of this forum, and posted above are the directions, make sure you have read and followed them, then post the requested logs, please mention any recent symptoms.

Read and follow the "Before you Post" directions then post a new HJT log with the correct version as instructed in those directions:

HiJackThis log - Trend Micro HijackThis 2.0.2

located also as instructed in those directions:

By default it will install to C:\Program Files\Trend Micro\HijackThis

and I will be glad to take another look.

Thanks

**crazysane** · 2009-03-06, 23:02

I have reAD all the rules about which I was to do before beginning any cleaning. I do however still have the issue and need for assistance to the removal of this wickedness. It is driving me crazy having IE windows popup with nearly 1000 tabs to it going to about blank. Please help me!

**pskelley** · 2009-03-06, 23:15

Unless you read the directions I post, and follow them, there is no way I can help you.

Thanks

**crazysane** · 2009-03-06, 23:18

I will follow any and all instructions you want me to do. I have used ERUNT already and do not know what else you want me to do. Please if you are asking me to do something different than I have already done please share with me what that is. I am trying to find assistance to this issue.

Thanks.

**crazysane** · 2009-03-06, 23:20

The most recent symptoms are that I am having IE browser windows open all going to about blank with about 1000 tabs in each of three windows. It is very annoying since I use moziall firefox and not IE.

**pskelley** · 2009-03-06, 23:25

Read and follow the "Before you Post" directions then post a new HJT log with the correct version as instructed in those directions:

You have posted an out of date log, if you read the directions, you would know that:
Logfile of HijackThis v1.99.1 <<< obsolete version

HiJackThis log - Trend Micro HijackThis 2.0.2

located also as instructed in those directions:

C:\HijackThis\HijackThis.exe <<< not located as instructed.

By default it will install to C:\Program Files\Trend Micro\HijackThis

**crazysane** · 2009-03-06, 23:37

OK hopefully this is now up to date and ready for inspection. I do appreciate your help more than you know. and again every refresh of the page here gets me another IE browser window to popup and begin opening tabs to about blank and I keep task manager open to end process which closes it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:15 PM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Crazysane\Start Menu\Programs\Startup\nod32kui.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {04e42df7-752e-4c64-9930-3933095111cf} - C:\WINDOWS\system32\lzspgu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {6cee844a-5de7-447f-8c8b-21b8684e191a} - C:\WINDOWS\system32\hekazezi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: {3ace0721-b701-e3bb-e464-b7180300c38f} - {f83c0030-817b-464e-bb3e-107b1270eca3} - C:\WINDOWS\system32\xqxwnh.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [kawakamawu] Rundll32.exe "C:\WINDOWS\system32\wolijuke.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM15688b5f] Rundll32.exe "c:\windows\system32\nuzizuka.dll",a
O4 - HKLM\..\Run: [165bb8c3] rundll32.exe "C:\WINDOWS\system32\figorana.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKUS\S-1-5-19\..\Run: [kawakamawu] Rundll32.exe "C:\WINDOWS\system32\wolijuke.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kawakamawu] Rundll32.exe "C:\WINDOWS\system32\wolijuke.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: nod32kui.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Chameleon Clock.lnk = C:\Program Files\Chameleon Clock\ChamClock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: nod32kui.exe (User 'Default user')
O4 - .DEFAULT Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe (User 'Default user')
O4 - .DEFAULT Startup: Chameleon Clock.lnk = C:\Program Files\Chameleon Clock\ChamClock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: nod32kui.exe
O4 - Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe
O4 - Startup: Chameleon Clock.lnk = C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203820380605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203860998997
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\sokazoya.dll lzspgu.dll c:\windows\system32\zanudeye.dll c:\windows\system32\zomibole.dll xqxwnh.dll c:\windows\system32\nuzizuka.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nuzizuka.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nuzizuka.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 15403 bytes

**pskelley** · 2009-03-06, 23:43

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/comb...o-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

Thanks

**crazysane** · 2009-03-07, 00:21

Let see if I have done this correctly.

Combofix log:

ComboFix 09-03-04.01 - Crazysane 2009-03-06 16:58:02.2 - FAT32x86
Running from: c:\documents and settings\Crazysane\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\system32\anarogif.ini
c:\windows\system32\awivfj.dll
c:\windows\system32\bakivige.dll
c:\windows\system32\boheyuje.dll
c:\windows\system32\eruaey.dll
c:\windows\system32\fatalofi.dll
c:\windows\system32\feresefa.dll
c:\windows\system32\jawepuwa.dll
c:\windows\system32\jeycgo.dll
c:\windows\system32\kegawapi.dll
c:\windows\system32\lzspgu.dll
c:\windows\system32\nrlnyx.dll
c:\windows\system32\pogipofe.dll
c:\windows\system32\ruzenavo.dll
c:\windows\system32\sokazoya.dll
c:\windows\system32\tesmsc.dll
c:\windows\system32\vobulofo.dll
c:\windows\system32\vovunahe.dll
c:\windows\system32\xgtrmj.dll
c:\windows\system32\xqxwnh.dll
c:\windows\system32\yelpng.dll
c:\windows\system32\zllgts.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka

((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-06 16:34 . 2009-03-06 16:34 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 15:34 . 2009-03-06 15:34 84,992 --ahs---- c:\windows\system32\nuzizuka.dll
2009-03-06 15:34 . 2009-03-06 15:34 79,872 --ahs---- c:\windows\system32\figorana.dll
2009-03-05 20:57 . 2009-03-05 20:57 <DIR> d-------- c:\program files\ERUNT
2009-03-04 11:33 . 2009-03-04 11:33 84,992 --ahs---- c:\windows\system32\lewadiye.dll
2009-03-03 23:33 . 2009-03-03 23:33 79,872 --------- c:\windows\system32\henemate.dll
2009-03-03 23:32 . 2009-03-03 23:33 84,992 --ahs---- c:\windows\system32\lodayija.dll
2009-03-03 19:08 . 2009-03-06 07:39 493 --a------ c:\windows\wininit.ini
2009-03-02 21:32 . 2009-03-02 21:32 84,992 --ahs---- c:\windows\system32\wosarako.dll
2009-03-02 21:32 . 2009-03-02 21:32 79,872 --------- c:\windows\system32\weziroze.dll
2009-03-02 06:38 . 2009-03-02 06:38 84,992 --ahs---- c:\windows\system32\fegesadu.dll
2009-03-02 06:38 . 2009-03-02 06:38 79,872 --ahs---- c:\windows\system32\dakabedu.dll
2009-03-01 18:37 . 2009-03-01 18:37 84,992 --ahs---- c:\windows\system32\tayudupi.dll
2009-03-01 18:37 . 2009-03-01 18:37 79,872 --------- c:\windows\system32\kifupiza.dll
2009-03-01 18:32 . 2009-03-01 18:32 47,616 --ahs---- c:\windows\system32\wolijuke.dll
2009-03-01 18:32 . 2009-03-01 18:32 47,616 --ahs---- c:\windows\system32\hekazezi.dll
2009-03-01 18:32 . 2009-03-06 17:00 6,456 --ah----- c:\windows\system32\wanenugu
2009-02-28 21:39 . 2009-02-28 21:39 <DIR> d-------- c:\program files\Trillian
2009-02-28 15:55 . 2009-02-28 15:55 <DIR> d-------- c:\documents and settings\Crazysane\Application Data\Thinstall
2009-02-24 20:16 . 2009-02-24 20:16 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-24 18:35 . 2009-01-09 13:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-22 20:11 . 2009-02-22 20:11 <DIR> d-------- c:\documents and settings\Crazysane\Oracle
2009-02-22 19:45 . 2009-02-22 19:45 <DIR> d-------- c:\windows\system32\config\systemprofile\Oracle
2009-02-22 19:12 . 2009-02-22 19:12 <DIR> d-------- c:\program files\Registry Clean Expert
2009-02-22 12:22 . 2009-02-22 12:22 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-21 21:34 . 2009-02-21 21:34 <DIR> d-------- c:\program files\Microsoft Visual Studio .NET 2003
2009-02-21 20:41 . 2009-02-21 20:41 <DIR> d-------- c:\documents and settings\Crazysane\Application Data\PLSQL Developer
2009-02-21 20:40 . 2009-02-21 20:40 <DIR> d-------- c:\program files\PLSQL Developer
2009-02-21 20:40 . 2002-09-12 17:03 69,632 --a------ c:\windows\aaRemove.exe
2009-02-21 17:29 . 2009-02-21 17:29 <DIR> d-------- C:\TEMP
2009-02-18 19:47 . 2009-02-18 19:47 <DIR> d-------- c:\windows\Symbols
2009-02-18 19:47 . 2009-02-18 19:47 <DIR> d-------- c:\program files\HTML Help Workshop
2009-02-18 19:47 . 2009-02-18 19:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-02-16 19:54 . 2009-02-16 19:54 <DIR> d-------- c:\documents and settings\Crazysane\Application Data\U3
2009-02-15 12:48 . 2009-02-15 12:48 <DIR> dr------- C:\UDC Output Files
2009-02-06 22:28 . 2009-02-06 22:28 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-06 22:21 . 2009-02-06 22:21 <DIR> d-------- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 05:28 162,816 ----a-w c:\windows\system32\fmod.dll
2009-02-02 04:38 --------- d-----w c:\program files\Email Sender Deluxe
2009-02-01 15:47 --------- d-----w c:\documents and settings\Crazysane\Application Data\CyberPower Audio Editing Lab
2009-02-01 15:46 --------- d-----w c:\program files\CyberPower Audio Editing Lab
2009-01-21 13:49 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2009-01-17 03:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 20:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-01-11 19:25 --------- d-----w c:\program files\Ad Muncher
2009-01-11 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Ad Muncher
2009-01-10 22:44 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-10 05:26 --------- d-----w c:\program files\Advanced Registry Doctor
2009-01-08 03:35 --------- d-----w c:\program files\7-Zip
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-17 22:22 33,632 ----a-w c:\windows\system32\DfSdkBt.exe
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-05-06 22:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat
2008-05-12 12:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cee844a-5de7-447f-8c8b-21b8684e191a}]
2009-03-01 18:32 47616 --ahs---- c:\windows\system32\hekazezi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2009-02-22 602872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-07-17 634368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-03-03 811008]
"kawakamawu"="c:\windows\system32\wolijuke.dll" [2009-03-01 47616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"CPM15688b5f"="c:\windows\system32\nuzizuka.dll" [2009-03-06 84992]
"165bb8c3"="c:\windows\system32\figorana.dll" [2009-03-06 79872]

c:\documents and settings\Crazysane\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-02-24 3581680]
nod32kui.exe [2008-02-23 949376]
FlashGet.lnk - c:\program files\FlashGet\flashget.exe [2007-09-11 1998896]
Chameleon Clock.lnk - c:\program files\Chameleon Clock\ChamClock.exe [2008-03-05 634368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 45056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Email Killer"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\nuzizuka.dll" [2009-03-06 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nuzizuka.dll [2009-03-06 84992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-06 21:16 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\sokazoya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\flashfxp\\FlashFXP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NorthScript4.0\\mirc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Crazysane\\Desktop\\hfs.exe"=
"c:\\WINDOWS\\System32\\logonuiX.exe"=
"c:\\Program Files\\Registry Clean Expert\\RCHelper.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-09-27 5504]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-23 15424]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2008-12-26 410976]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2008-02-23 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2008-02-23 78208]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-06 33752]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2005-11-30 1088896]
S3 qcmdmxp;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\drivers\qcmdmxp.sys [2008-11-18 92800]
S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [2008-11-18 92800]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Naduah#Maxtor500]
\Shell\AutoRun\command - U:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11e45e48-4c95-11dd-a990-001302853993}]
\Shell\AutoRun\command - J:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25df1986-7de5-11dd-a9c4-001302853993}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3464e882-fc66-11dd-aa83-001302853993}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{04e42df7-752e-4c64-9930-3933095111cf} - c:\windows\system32\lzspgu.dll
BHO-{f83c0030-817b-464e-bb3e-107b1270eca3} - c:\windows\system32\xqxwnh.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.live.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Crazysane\Application Data\Mozilla\Firefox\Profiles\2vpd763l.default\
FF - prefs.js: browser.startup.homepage - hxxp://bl146w.blu146.mail.live.com/mail/InboxLight.aspx?n=1294603515
FF - component: c:\documents and settings\Crazysane\Application Data\Mozilla\Firefox\Profiles\2vpd763l.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Crazysane\Application Data\Mozilla\Firefox\Profiles\2vpd763l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 17:04:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="1EA9C7E81F430CB7745141E06E82398F74356586B7A363CD3DA4C7A321263B68D545481D4BA85B21B47CD7C7E0BDD0FD572DB905B216268F66C7E3B2686D8D8AED9FE5F03BD50CB1252065A9CCC6420E41BFA87A7A85FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A2D97226D213B555BA7FD869164D67942E23E930A3706E031D0F6A279B3B28F6A8610B13BC3B3D2816187BDD5C3D633E23C680CB10631711D3CE42F7B385800EBD663AA38565DE66EA7326505130089ECEAF8DAC2BC5F5D7C8A75ED13A65E6FDB37E0A4E10950BB30C07440695E6BF9B21AC45590608656F53AD22267A9F375CEE22AF1300823BBE08D07F2B4431C624EDE15FC9D42A80203249F55BE1880C70349D64641C76B0EE4AA4005F9F6C1ADA6EC3966C70C0A6EC85B546CB020B47372F11E528CED1EA5CA8A575360A8D7D96BE9EAAA05675FC08D38106C48FA50E606DF2F53A2708AF55D8CE92B88B1E7AE05F91DFBDA7866CD78613A608E6694A52E08A5A6AD8200BDBF76C0FE25038D878358DFD0AA7C41FF96A9F244C05FE28A5E1F55DFAB9B5C9A405A22324288D2A50875BCF444094073C303378BB8C9E982429A44BA24676FE9A62658E610763C08E0494261D7FF0D623EEAFA4F341175150D5DBF58D9BA88058D87F16728410B20E39A85439946508661FC7AE088E4B4C5EE935B3D9FCA06832928E7C22DC00DCDC9D5AB1325414D6709E029E7B02B046B74C9C5E9AD24B942D208410317035DDBE08BF98153932C1E02FBB80CA4DD1BE76C6D2D257A6262701F2A59D54C14398A836C3EAE1DF098D8C7424E4E347CD7D6E09ECF38AA6C7879D650EF6B27AD034C5C7A58B8F077543F9F83F6227E855892123D3A6A3A754DD23B0A97468E41C1CF3C0F7E10596E8AEE52AE38FEBD0AF31C80D43D3851F0999E7F43BF086F174FE478AA1D9A095695F3D5ABF897C3FB78451224E698729346DF4B5574910B4BD5186F0DD6232B18FAAA53DD071949C59595B9E57D9738238CD07D9E9E1FC6672C8A9A43BEF803B0928776D6BEAE8719AC93CA6181B89908E7690ACAE9F3AE11CDFE0B91BF9C32716B33B67B7211FEA0E32FABE9C257CD8C064B75EB9EE27265CD78EA835FB290F0E6C338D303DCF5C60B255D3C77773086FDAD4816E3D9759E733494F157651AED7B851A427F10A3BCEB1BBB2CB120AE9CC5EF68E86FD53420638DBEA19EBD0E772BF3ED53E744F212B57D08C34FB4E73A0BADC5F122897CC1473C322F3E431BF6EECD42FEDFB964C5D13F0FA5BBE433B45FC00B571359309803235FC2BEB705F70F124220246481E5E13A4F5F1E6DFFC2C7906B2D9A4EB2A518994681B917E12B34171831A93C41D3D4EAE5DFE861095D5C2CE5F56"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-03-06 17:11:30 - machine was rebooted
ComboFix2.txt 2008-07-04 04:55:06
ComboFix-quarantined-files.txt 2009-03-06 23:11:28

Pre-Run: 10,326,376,448 bytes free
Post-Run: 10,411,114,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

285 --- E O F --- 2009-02-25 00:36:43

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:06 PM, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {6cee844a-5de7-447f-8c8b-21b8684e191a} - C:\WINDOWS\system32\hekazezi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [kawakamawu] Rundll32.exe "C:\WINDOWS\system32\wolijuke.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM15688b5f] Rundll32.exe "c:\windows\system32\nuzizuka.dll",a
O4 - HKLM\..\Run: [165bb8c3] rundll32.exe "C:\WINDOWS\system32\figorana.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: nod32kui.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Chameleon Clock.lnk = C:\Program Files\Chameleon Clock\ChamClock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: nod32kui.exe (User 'Default user')
O4 - .DEFAULT Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe (User 'Default user')
O4 - .DEFAULT Startup: Chameleon Clock.lnk = C:\Program Files\Chameleon Clock\ChamClock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: nod32kui.exe
O4 - Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe
O4 - Startup: Chameleon Clock.lnk = C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203820380605
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203860998997
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: c:\windows\system32\nuzizuka.dll,C:\WINDOWS\system32\sokazoya.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nuzizuka.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nuzizuka.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 13292 bytes

Uninstall list:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.64
Abrosoft FantaMorph 3.6
abrViewer.NET 1.0.1
Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.3076
Acer Empowering Technology
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam Driver
Acer OrbiCam Software
Acer Screensaver
Acronis*True*Image*Home
Ad Muncher v4.73 Beta Build 30552
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Registry Doctor
Agere Systems HDA Modem
AHV content for Acrobat and Flash
Alien Skin Exposure
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Image Doctor 1.0
Alien Skin Xenofex 2
Apple Software Update
BootSkin
CDex extraction audio
Chameleon Clock 4.0
Classic Menu 3.x for Office 2007
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
CyberPower Audio Editing Lab 14.0.1
DAEMON Tools
ERUNT 1.1j
FlashGet 1.9.4.1063
FolderHighlight 1.5
GroupWise
GroupWise Internet Browser Mail Integration
GroupWise Messenger
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Intellihance Pro 4.2
Jasc Animation Shop 3
Jasc Animation Shop 3 20041030_07 Help file Patch
Java(TM) 6 Update 11
Kodak DIGITAL GEM Plug-In 1.1.2
Launch Manager
lcs plugin 4 trillian
LogonStudio
Mask Pro 4.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
mIRC
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero 8 Ultra Edition HD
neroxml
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
NOD32 antivirus system
NOD32 FiX
NTI Backup NOW! 4
NTI CD & DVD-Maker
O&O Defrag Professional Edition
ObjectDock Plus
PDF Settings
PhotoFrame Pro 3.1 Demo
PL/SQL Developer
PowerPlugs: FlashReady
PowerPlugs: Music for PowerPoint
PowerPlugs: PhotoActive FX
PowerPlugs: Pictures
PowerPlugs: Transitions and/or 3D Titles
PowerProducer
QPST
QuickSFV (Remove only)
QuickTime
Quite Imposing Plus (English)
Realtek High Definition Audio Driver
Registry Clean Expert
Right Click Image Converter
Screensaver Factory 4 Enterprise
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Visio 2007 (KB957831)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Shockwave
Smarty Uninstaller 2007 Pro 1.8.0
SnagIt 7
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Tiffen Dfx v1.0 for Photoshop
Trillian
Unlocker 1.8.7
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Visio 2007 Help (KB957251)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB954961)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
Vertus Fluid Mask 3 2.100.2-RC2
Winamp
Winamp Advanced Controls (remove only)
WindowBlinds
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows NT Messaging
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WModem_Installer
Wootalyzer!
XV6800 User Manual

Thread: Virtumonde issues

Thread Tools

Display

Virtumonde issues

Posting Permissions