View Full Version : avg scanned and found sheur2 and im not sure how to get rid of it
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:52 PM, on 11/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {cfaefe46-91f9-42a5-89c3-cfd88dc4c976} - C:\Documents and Settings\All Users\Application Data\jusirodo\jusirodo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [monudibud] Rundll32.exe "c:\docume~1\alluse~1\applic~1\wonupago\wonupago.dll",a
O4 - HKLM\..\Run: [yazetititu] Rundll32.exe "C:\Documents and Settings\All Users\Application Data\bupuyafo\bupuyafo.dll",s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5665/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\DOCUME~1\ALLUSE~1\APPLIC~1\wonupago\wonupago.dll,C:\Documents and Settings\All Users\Application Data\bujusufe\bujusufe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: vujofotes - {e3a161c2-97a4-4ae2-bfe4-1361dad0bad2} - (no file)
O21 - SSODL: zowabopuw - {29e2f221-6968-42eb-9486-49012e8da8bb} - c:\docume~1\alluse~1\applic~1\wonupago\wonupago.dll
O22 - SharedTaskScheduler: kupuhivus - {e3a161c2-97a4-4ae2-bfe4-1361dad0bad2} - (no file)
O22 - SharedTaskScheduler: jugezatag - {29e2f221-6968-42eb-9486-49012e8da8bb} - c:\docume~1\alluse~1\applic~1\wonupago\wonupago.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PFOYF - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PFOYF.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Maggie\My Documents\Publication2.jpg
--
End of file - 8739 bytes
Hi mwolfLH
We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix 09-11-17.01 - Maggie 11/16/2009 17:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.462 [GMT -5:00]
Running from: c:\documents and settings\Maggie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Maggie\nah_log.dat
c:\windows\934fdfg34fgjf23
c:\windows\system32\gedekuye.dll
c:\windows\Tasks\pzimoopl.job
c:\windows\Tasks\yesfyqyb.job
----- BITS: Possible infected sites -----
hxxp://77.74.48.111
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.
2009-11-16 23:06 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-16 23:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-16 22:26 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-15 16:15 . 2009-11-16 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\dujujewo
2009-11-15 16:15 . 2009-11-15 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\sihosido
2009-11-15 00:31 . 2009-11-16 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\valavuja
2009-11-15 00:31 . 2009-11-15 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\fapalogo
2009-11-13 21:58 . 2009-11-13 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-11 19:48 . 2009-11-11 19:48 -------- d-----w- c:\program files\Trend Micro
2009-11-11 19:46 . 2009-11-11 19:47 -------- d-----w- c:\program files\ERUNT
2009-11-11 17:51 . 2009-11-11 17:51 -------- d-----w- c:\documents and settings\Wolf\Application Data\Malwarebytes
2009-11-11 14:47 . 2009-11-13 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\jusirodo
2009-11-11 14:47 . 2009-11-13 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\bupuyafo
2009-11-11 14:47 . 2009-11-13 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\bujusufe
2009-11-11 14:47 . 2009-11-15 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\biwifasi
2009-11-11 14:47 . 2009-11-13 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\fapawozi
2009-11-11 14:47 . 2009-11-13 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\pulovuwi
2009-11-11 14:47 . 2009-11-12 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\wonupago
2009-11-07 23:22 . 2009-11-07 23:22 1408800 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-11-06 13:35 . 2009-10-20 22:26 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-24 18:16 . 2009-10-24 18:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-24 18:15 . 2009-10-24 18:15 152576 ----a-w- c:\documents and settings\Maggie\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 22:51 . 2007-04-06 15:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-16 22:50 . 2008-12-14 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-16 22:26 . 2009-07-04 16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 21:05 . 2008-03-07 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-11-07 23:23 . 2009-08-22 17:13 127325 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\uninstall.exe
2009-11-07 23:23 . 2007-04-13 00:04 -------- d--h--w- c:\documents and settings\Maggie\Application Data\Move Networks
2009-11-07 23:23 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-10-24 18:16 . 2007-04-15 21:30 -------- d-----w- c:\program files\Java
2009-10-24 01:35 . 2008-08-20 20:31 38 ----a-w- c:\documents and settings\Maggie\jagex_runescape_preferences.dat
2009-10-18 22:46 . 2009-09-30 00:23 45 ----a-w- c:\documents and settings\Maggie\jagex_runescape_preferences2.dat
2009-10-15 22:21 . 2007-08-11 15:50 91968 ----a-w- c:\documents and settings\Claire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 22:07 . 2009-01-23 21:19 -------- d-----w- c:\documents and settings\Claire\Application Data\ZoomBrowser EX
2009-10-12 20:58 . 2007-04-11 00:38 91968 ----a-w- c:\documents and settings\Maggie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 03:27 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-09-19 03:27 . 2009-09-19 03:27 1407680 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-09-11 14:18 . 2004-08-12 14:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-07-04 16:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-07-04 16:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-12 14:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-12 14:06 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 17:13 . 2009-08-22 17:12 1686744 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\MoveMediaPlayerWin_071504000001.exe
2009-08-22 13:21 . 2009-03-18 16:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-22 13:21 . 2009-03-18 16:47 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 13:21 . 2009-03-18 16:47 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-03-18 15:43 . 2009-03-18 15:43 2 --shatr- c:\windows\winstart.bat
2009-08-13 11:56 . 2009-08-13 11:56 51200 --sha-w- c:\windows\system32\dajifuji.dll.tmp
2009-08-13 11:56 . 2009-08-13 11:56 51200 --sha-w- c:\windows\system32\notabage.dll.tmp
2009-08-13 11:56 . 2009-08-13 11:56 51200 --sha-w- c:\windows\system32\viveveno.dll.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-24 149280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Maggie\My Documents\Publication2.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 13:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vongo Tray.lnk]
backup=c:\windows\pss\Vongo Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Vongo Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"spkrmon"=2 (0x2)
"idsvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"dlcc_device"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"IAANTMon"=2 (0x2)
"ADVService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2010 9.0.0.736\\English\\setup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 11:47 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 11:47 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/18/2009 11:47 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 11:14 AM 297752]
S3 PFOYF;PFOYF;c:\docume~1\ADMINI~1\LOCALS~1\Temp\PFOYF.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\PFOYF.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Maggie\Application Data\Mozilla\Firefox\Profiles\dehe7zjw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-monudibud - c:\windows\system32\gedekuye.dll
SharedTaskScheduler-{e3a161c2-97a4-4ae2-bfe4-1361dad0bad2} - (no file)
SharedTaskScheduler-{51d8be00-b053-42e5-9e4d-8e6bcce50dc3} - c:\windows\system32\hamehalu.dll
SharedTaskScheduler-{7f85906b-4d72-48f8-94f4-b445bc071d54} - (no file)
SharedTaskScheduler-{9d50c521-b365-4858-9ab9-cb6c73466d5a} - c:\docume~1\alluse~1\applic~1\dujujewo\dujujewo.dll
SharedTaskScheduler-{8b85fcbc-d0ac-4097-948f-7f3785cb0a39} - c:\windows\system32\gedekuye.dll
SSODL-vujofotes-{e3a161c2-97a4-4ae2-bfe4-1361dad0bad2} - (no file)
SSODL-nuyarovev-{51d8be00-b053-42e5-9e4d-8e6bcce50dc3} - c:\windows\system32\hamehalu.dll
SSODL-vuledaney-{7f85906b-4d72-48f8-94f4-b445bc071d54} - (no file)
SSODL-yakegimuk-{9d50c521-b365-4858-9ab9-cb6c73466d5a} - c:\docume~1\alluse~1\applic~1\dujujewo\dujujewo.dll
SSODL-jufotuduj-{8b85fcbc-d0ac-4097-948f-7f3785cb0a39} - c:\windows\system32\gedekuye.dll
AddRemove-ppmate - c:\program files\PPMate\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 18:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2664)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-16 18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 23:17
ComboFix2.txt 2009-03-18 15:56
Pre-Run: 145,438,289,920 bytes free
Post-Run: 147,310,469,120 bytes free
- - End Of File - - AB9817FE032428ABB3E5B3B8E4C94CC5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:53 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5665/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PFOYF - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PFOYF.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Maggie\My Documents\Publication2.jpg
--
End of file - 7678 bytes
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Amazon Unbox Video
Any Video Converter Professional 2.5.7
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
Avi2Dvd 0.4.5 beta
AviSynth 2.5
Bonjour
Broadcom Gigabit Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Chinese Practice
CleanUp!
Compatibility Pack for the 2007 Office system
Costco Photo Organizer
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 924
Dell ResourceCD
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD to iPod Converter 4
EA Download Manager
Editor
EPSON Printer Software
EPSON Scan
ERUNT 1.1j
FPS Creator Demo
Harry Potter and the Half-Blood Prince™
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Icon Constructor 3
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.12.11
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 6.0 Docs
Microsoft Visual C++ 6.0 Introductory Edition
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.0.15)
Mozilla Sunbird (0.3.1)
Mozilla Thunderbird (2.0.0.23)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Fusion 2 Demo
Multimedia Fusion Developer 2 Demo
Nikon Message Center
Nikon Transfer
OverDrive Media Console
PDF Settings
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Penless Chinese Language Learning Software v2.0
Photo Story 3 for Windows
PowerDVD 5.3
Project64 1.6
QuickTime
Remove on Reboot Shell Extension
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.0
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SopCast 3.0.3
SoundMAX
Spybot - Search & Destroy 1.4
TaxCut Connecticut 2007
TaxCut Connecticut 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TBS WMP Plug-in
The Sims™ 3
TVAnts 1.0
Unlocker 1.8.7
UP_screensaver_02
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
As per forum rules, all p2p programs have to be uninstalled, link (http://forums.spybot.info/showthread.php?t=282).
So please uninstall LimeWire 4.12.11 and post back a fresh uninstall list afterwards :)
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Amazon Unbox Video
Any Video Converter Professional 2.5.7
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free 8.5
Avi2Dvd 0.4.5 beta
AviSynth 2.5
Bonjour
Broadcom Gigabit Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Chinese Practice
CleanUp!
Compatibility Pack for the 2007 Office system
Costco Photo Organizer
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 924
Dell ResourceCD
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD to iPod Converter 4
EA Download Manager
Editor
EPSON Printer Software
EPSON Scan
ERUNT 1.1j
FPS Creator Demo
Harry Potter and the Half-Blood Prince™
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Icon Constructor 3
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LG USB Modem driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 6.0 Docs
Microsoft Visual C++ 6.0 Introductory Edition
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.0.15)
Mozilla Sunbird (0.3.1)
Mozilla Thunderbird (2.0.0.23)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Fusion 2 Demo
Multimedia Fusion Developer 2 Demo
Nikon Message Center
Nikon Transfer
OverDrive Media Console
PDF Settings
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Penless Chinese Language Learning Software v2.0
Photo Story 3 for Windows
PowerDVD 5.3
Project64 1.6
QuickTime
Remove on Reboot Shell Extension
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.0
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SopCast 3.0.3
SoundMAX
Spybot - Search & Destroy 1.4
TaxCut Connecticut 2007
TaxCut Connecticut 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TBS WMP Plug-in
The Sims™ 3
TVAnts 1.0
Unlocker 1.8.7
UP_screensaver_02
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
c:\windows\system32\dajifuji.dll.tmp
c:\windows\system32\notabage.dll.tmp
c:\windows\system32\viveveno.dll.tmp
Folder::
c:\documents and settings\All Users\Application Data\dujujewo
c:\documents and settings\All Users\Application Data\sihosido
c:\documents and settings\All Users\Application Data\valavuja
c:\documents and settings\All Users\Application Data\fapalogo
c:\documents and settings\All Users\Application Data\jusirodo
c:\documents and settings\All Users\Application Data\bupuyafo
c:\documents and settings\All Users\Application Data\bujusufe
c:\documents and settings\All Users\Application Data\biwifasi
c:\documents and settings\All Users\Application Data\fapawozi
c:\documents and settings\All Users\Application Data\pulovuwi
c:\documents and settings\All Users\Application Data\wonupago
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
ComboFix 09-11-17.01 - Maggie 11/20/2009 13:45.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.247 [GMT -5:00]
Running from: c:\documents and settings\Maggie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Maggie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\dajifuji.dll.tmp"
"c:\windows\system32\notabage.dll.tmp"
"c:\windows\system32\viveveno.dll.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\biwifasi
c:\documents and settings\All Users\Application Data\bujusufe
c:\documents and settings\All Users\Application Data\bupuyafo
c:\documents and settings\All Users\Application Data\dujujewo
c:\documents and settings\All Users\Application Data\fapalogo
c:\documents and settings\All Users\Application Data\fapalogo\fapalogo.dll
c:\documents and settings\All Users\Application Data\fapawozi
c:\documents and settings\All Users\Application Data\jusirodo
c:\documents and settings\All Users\Application Data\pulovuwi
c:\documents and settings\All Users\Application Data\sihosido
c:\documents and settings\All Users\Application Data\sihosido\sihosido.dll
c:\documents and settings\All Users\Application Data\valavuja
c:\documents and settings\All Users\Application Data\wonupago
c:\windows\system32\dajifuji.dll.tmp
c:\windows\system32\notabage.dll.tmp
c:\windows\system32\viveveno.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.
2009-11-19 23:44 . 2009-11-19 23:46 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-11-19 23:40 . 2009-11-19 23:40 -------- d-----w- c:\program files\LG Electronics
2009-11-19 23:40 . 2007-04-09 14:56 21248 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-11-19 23:40 . 2007-04-09 14:55 22912 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-11-19 23:40 . 2007-04-09 14:53 12672 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-11-16 23:06 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-16 23:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-16 22:26 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-13 21:58 . 2009-11-13 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-11 19:48 . 2009-11-11 19:48 -------- d-----w- c:\program files\Trend Micro
2009-11-11 19:46 . 2009-11-11 19:47 -------- d-----w- c:\program files\ERUNT
2009-11-11 17:51 . 2009-11-11 17:51 -------- d-----w- c:\documents and settings\Wolf\Application Data\Malwarebytes
2009-11-07 23:22 . 2009-11-07 23:22 1408800 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe
2009-10-24 18:16 . 2009-10-24 18:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-24 18:15 . 2009-10-24 18:15 152576 ----a-w- c:\documents and settings\Maggie\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 15:52 . 2007-05-16 23:42 -------- d-----w- c:\program files\LimeWire
2009-11-20 15:43 . 2007-04-06 15:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-19 23:40 . 2007-03-30 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-16 22:50 . 2008-12-14 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-16 22:26 . 2009-07-04 16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 21:05 . 2008-03-07 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-11-07 23:23 . 2009-08-22 17:13 127325 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\uninstall.exe
2009-11-07 23:23 . 2007-04-13 00:04 -------- d--h--w- c:\documents and settings\Maggie\Application Data\Move Networks
2009-11-07 23:23 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-10-24 18:16 . 2007-04-15 21:30 -------- d-----w- c:\program files\Java
2009-10-24 01:35 . 2008-08-20 20:31 38 ----a-w- c:\documents and settings\Maggie\jagex_runescape_preferences.dat
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-18 22:46 . 2009-09-30 00:23 45 ----a-w- c:\documents and settings\Maggie\jagex_runescape_preferences2.dat
2009-10-15 22:21 . 2007-08-11 15:50 91968 ----a-w- c:\documents and settings\Claire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 22:07 . 2009-01-23 21:19 -------- d-----w- c:\documents and settings\Claire\Application Data\ZoomBrowser EX
2009-10-12 20:58 . 2007-04-11 00:38 91968 ----a-w- c:\documents and settings\Maggie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 03:27 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-09-19 03:27 . 2009-09-19 03:27 1407680 ----a-w- c:\documents and settings\Maggie\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-09-11 14:18 . 2004-08-12 14:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-07-04 16:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-07-04 16:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-12 14:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-12 14:09 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-12 14:06 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-03-18 15:43 . 2009-03-18 15:43 2 --shatr- c:\windows\winstart.bat
.
((((((((((((((((((((((((((((( SnapShot@2009-11-16_23.12.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 15:42 . 2009-11-20 15:42 16384 c:\windows\temp\Perflib_Perfdata_740.dat
+ 2007-05-12 18:53 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2007-05-12 18:53 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2007-04-07 18:39 . 2009-10-14 02:45 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-10-19 01:42 . 2009-10-19 01:42 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-11-17 04:04 . 2009-11-17 04:04 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-04-07 18:39 . 2009-11-17 04:05 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-04-07 18:39 . 2009-10-14 02:45 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-11-20 15:43 . 2009-11-20 15:43 286720 c:\windows\ERDNT\AutoBackup\11-20-2009\Users\00000002\UsrClass.dat
+ 2009-11-20 15:43 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\11-20-2009\ERDNT.EXE
+ 2009-11-19 23:02 . 2009-11-19 23:02 286720 c:\windows\ERDNT\AutoBackup\11-19-2009\Users\00000002\UsrClass.dat
+ 2009-11-19 23:02 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\11-19-2009\ERDNT.EXE
+ 2009-11-18 22:32 . 2009-11-18 22:33 286720 c:\windows\ERDNT\AutoBackup\11-18-2009\Users\00000002\UsrClass.dat
+ 2009-11-18 22:33 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\11-18-2009\ERDNT.EXE
+ 2009-11-18 02:42 . 2009-11-18 02:42 286720 c:\windows\ERDNT\AutoBackup\11-17-2009\Users\00000002\UsrClass.dat
+ 2009-11-18 02:42 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\11-17-2009\ERDNT.EXE
+ 2004-08-12 14:09 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2007-03-29 18:52 . 2009-11-17 23:48 1637664 c:\windows\system32\FNTCACHE.DAT
- 2007-03-29 18:52 . 2009-10-09 10:59 1637664 c:\windows\system32\FNTCACHE.DAT
+ 2008-10-14 18:54 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2009-10-22 17:46 . 2009-10-22 17:46 6821888 c:\windows\Installer\109c451.msp
+ 2009-08-18 17:58 . 2009-08-18 17:58 8301056 c:\windows\Installer\109c43e.msp
+ 2009-10-06 23:40 . 2009-10-06 23:40 7681024 c:\windows\Installer\109c436.msp
+ 2009-10-22 17:28 . 2009-10-22 17:28 5521408 c:\windows\Installer\109c423.msp
+ 2009-11-20 15:43 . 2009-11-20 15:43 6209536 c:\windows\ERDNT\AutoBackup\11-20-2009\Users\00000001\NTUSER.DAT
+ 2009-11-19 23:02 . 2009-11-19 23:02 5713920 c:\windows\ERDNT\AutoBackup\11-19-2009\Users\00000001\NTUSER.DAT
+ 2009-11-18 22:32 . 2009-11-18 22:32 5697536 c:\windows\ERDNT\AutoBackup\11-18-2009\Users\00000001\NTUSER.DAT
+ 2009-11-18 02:42 . 2009-11-18 02:42 5697536 c:\windows\ERDNT\AutoBackup\11-17-2009\Users\00000001\NTUSER.DAT
+ 2009-11-17 04:02 . 2009-11-05 14:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-24 149280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Maggie\My Documents\Publication2.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 13:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vongo Tray.lnk]
backup=c:\windows\pss\Vongo Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Vongo Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"spkrmon"=2 (0x2)
"idsvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"dlcc_device"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"IAANTMon"=2 (0x2)
"ADVService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2010 9.0.0.736\\English\\setup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 11:47 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 11:47 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/18/2009 11:47 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 11:14 AM 297752]
S3 PFOYF;PFOYF;c:\docume~1\ADMINI~1\LOCALS~1\Temp\PFOYF.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\PFOYF.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Maggie\Application Data\Mozilla\Firefox\Profiles\dehe7zjw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Maggie\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 13:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-11-20 13:57
ComboFix-quarantined-files.txt 2009-11-20 18:57
ComboFix2.txt 2009-11-16 23:18
ComboFix3.txt 2009-03-18 15:56
Pre-Run: 146,632,335,360 bytes free
Post-Run: 146,614,407,168 bytes free
- - End Of File - - 499D1A7D1133A63E99284DB9D9A770CC
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 22, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 22, 2009 02:16:45
Records in database: 3267162
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
F:\
Scan statistics:
Objects scanned: 132149
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:34:10
File name / Threat / Threats count
C:\System Volume Information\_restore{04694148-9C97-4114-8F25-FFF6C2F7FDD9}\RP1\A0000086.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
Selected area has been scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:38 AM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTBIA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FARNBIA.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1957994488-839522115-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Claire')
O4 - HKUS\S-1-5-21-1004336348-1957994488-839522115-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Claire')
O4 - HKUS\S-1-5-21-1004336348-1957994488-839522115-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Claire')
O4 - HKUS\S-1-5-21-1004336348-1957994488-839522115-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Claire')
O4 - HKUS\S-1-5-21-1004336348-1957994488-839522115-1007\..\Run: [monudibud] Rundll32.exe "c:\DOCUME~1\ALLUSE~1\APPLIC~1\dujujewo\dujujewo.dll",a (User 'Claire')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5665/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PFOYF - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PFOYF.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Maggie\My Documents\Publication2.jpg
--
End of file - 8464 bytes
That looks good :)
Still problems?
This thread has been closed due to inactivity.
As it has been four days or more since your last post, it will not be re-opened.
If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.
Thank you Shaba.