[ Done ] Popups, Trojan.Vundo and Trojan.Metajuan


Offline needhelpplz

  • Bronze Member
  • 12
[ Done ] Popups, Trojan.Vundo and Trojan.Metajuan
« on: February 25, 2009, 01:37:10 PM »
Hello Staff,

I ran Norton and it shows that I have Trojan.Vundo and Trojan.Metajuan. I followed the suggestions on Norton's page to turn off System Restore. I also ran Ad-Aware; both programs say the files are quarantined. I was unable to find the files in regedit that Norton suggested removing. I ran the Vundo removal tool; it was unable to find anything. The files keep coming back. When I shut down I need to end task on Internet Explorer. I use Firefox, not Explorer, nor have I opened Explorer.

Thank you.

Needhelp


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:55 AM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - AppInit_DLLs: ykflxn.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

--
End of file - 7395 bytes
« Last Edit: March 05, 2009, 09:05:08 PM by bamajim »
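The HijackThis log above lists a DLL under AppInit_DLLs (section O20), and the File Lister listing in the reply below shows pairs of recently created files in system32 where an .ini file's name is the character-by-character reversal of a .dll's name (baddNXyb.ini beside byXNddab.dll, jlVuDcdd.ini beside ddcDuVlj.dll, fuqwkwuk.ini beside kuwkwquf.dll). The Python below is an example added by the editor, not code from HijackThis, File Lister or anyone in this thread: it parses both log formats, lists anything registered through AppInit_DLLs and looks it up in the creation listing, and pairs each .ini with a same-directory .dll whose stem is its reverse. The sample lines are copied from the two logs in this thread; the function names and the regexes are the editor's assumptions, and a hit is a triage lead to confirm with a scanner, not a verdict on its own.

```python
"""Triage helpers for the two log formats in this thread: HijackThis item
lines and File Lister's 'created last 60 days' listing.
Added example by the editor; not part of HijackThis or File Lister."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O20 - AppInit_DLLs: ykflxn.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed sample: lines copied from the File Lister listing in the reply below.
FILELISTER_SAMPLE = r"""
2/10/2009 3:55:51 PM    368    38    C:\WINDOWS\system32\baddNXyb.ini
2/10/2009 3:55:51 PM    368    38    C:\WINDOWS\system32\baddNXyb.ini2
2/10/2009 3:55:47 PM    302592    32    C:\WINDOWS\system32\byXNddab.dll
2/10/2009 9:57:58 PM    368    38    C:\WINDOWS\system32\jlVuDcdd.ini
2/10/2009 9:57:55 PM    302592    32    C:\WINDOWS\system32\ddcDuVlj.dll
2/25/2009 9:04:48 AM    129024    32    C:\WINDOWS\system32\ykflxn.dll
2/9/2009 10:12:38 AM    616    32    C:\WINDOWS\eReg.dat
2/26/2009 2:44:46 PM    72704    32    C:\WINDOWS\system32\kuwkwquf.dll
2/26/2009 2:44:47 PM    1599703    6    C:\WINDOWS\system32\fuqwkwuk.ini
"""

# HijackThis items look like "O20 - AppInit_DLLs: ykflxn.dll" (assumed shape).
HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
# File Lister rows: "<date time AM/PM>  <size>  <attributes>  <path>" (assumed shape).
FL_LINE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
                     r"(?P<size>\d+)\s+(?P<attr>\d+)\s+(?P<path>\S.*)$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) tuples for every HijackThis item line."""
    items = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            items.append((m["sec"], m["body"]))
    return items


def appinit_dlls(text: str) -> List[str]:
    """DLL names registered through AppInit_DLLs (HijackThis section O20).
    Windows loads these into every process that links user32.dll, so a
    non-empty value on a home PC deserves a look."""
    dlls = []
    for sec, body in parse_hjt(text):
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            dlls.extend(n for n in re.split(r"[,\s]+", value) if n)
    return dlls


def parse_filelister(text: str) -> List[Dict]:
    """Parse 'timestamp  size  attributes  path' rows into dicts."""
    rows = []
    for line in text.splitlines():
        m = FL_LINE.match(line.strip())
        if m:
            rows.append({"ts": m["ts"], "size": int(m["size"]),
                         "attr": int(m["attr"]), "path": m["path"]})
    return rows


def _split(path: str) -> Tuple[str, str, str]:
    """Split a Windows path into (directory, stem, lower-cased extension)."""
    directory, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    return (directory, stem, ext.lower()) if dot else (directory, name, "")


def reversed_name_pairs(rows: List[Dict]) -> List[Tuple[str, str]]:
    """Pair each .ini whose stem, read backwards, names a .dll in the same
    directory, e.g. baddNXyb.ini <-> byXNddab.dll in the listing."""
    dlls = {}
    for r in rows:
        d, stem, ext = _split(r["path"])
        if ext == "dll":
            dlls[(d.lower(), stem)] = r["path"]
    pairs = []
    for r in rows:
        d, stem, ext = _split(r["path"])
        if ext == "ini":
            partner = dlls.get((d.lower(), stem[::-1]))
            if partner:
                pairs.append((r["path"], partner))
    return pairs


def locate_appinit(hjt_text: str, fl_text: str) -> Dict[str, Optional[Dict]]:
    """Map each AppInit_DLLs name to its File Lister row (creation time, size)
    when the listing shows it was created recently, else None."""
    by_name = {r["path"].rpartition("\\")[2].lower(): r
               for r in parse_filelister(fl_text)}
    return {d: by_name.get(d.lower()) for d in appinit_dlls(hjt_text)}


if __name__ == "__main__":
    for ini, dll in reversed_name_pairs(parse_filelister(FILELISTER_SAMPLE)):
        print("reversed-name pair:", ini, "<->", dll)
    for dll, row in locate_appinit(HJT_SAMPLE, FILELISTER_SAMPLE).items():
        print("AppInit_DLLs:", dll, "created", row["ts"] if row else "(not in listing)")
```

Run it against the full logs by pasting them into the two sample strings; the reversed-name check is deliberately strict (same directory, exact reversed stem), so the .ini2 duplicates and unrelated .ini files in the listing are left alone.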


Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: Popups, Trojan.Vundo and Trojan.Metajuan
« Reply #1 on: February 26, 2009, 11:07:48 AM »
needhelpplz

1. Go HERE and download File Lister.

Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you at C:\Files.txt

Copy and paste the contents of that log in your reply.

2008-2010
Rights cannot exist without morals


Offline needhelpplz

  • Bronze Member
  • 12
Re: [ In Progress ] Popups, Trojan.Vundo and Trojan.Metajuan
« Reply #2 on: February 26, 2009, 07:16:27 PM »

+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.0.5
+
+  By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>>  2/26/2009 5:14:52 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpc32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

BHO: (NO NAME) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqrsQi.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

BHO: {a832f299-c22c-fcd9-cfd4-0d10c87979e7} - {7e97978c-01d0-4dfc-9dcf-c22c992f238a} - C:\WINDOWS\system32\imcoxi.dll

BHO: (NO NAME) - {BBFCC091-7CA5-4D8C-A32E-0D17C5FBBF3B} - C:\WINDOWS\system32\opnkllKa.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
@=""
"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\\\nTune.exe\" clear"
"Logitech Utility"="Logi_MwX.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

2/25/2009 11:59:50 AM    3906    32    C:\Files.txt
1/13/2009 7:22:28 PM    956894    C:\WINDOWS\$NtUninstallKB958687$
1/13/2009 7:22:28 PM    623070    C:\WINDOWS\$NtUninstallKB958687$\spuninst
2/9/2009 10:12:38 AM    616    32    C:\WINDOWS\eReg.dat
1/13/2009 7:22:20 PM    9755    32    C:\WINDOWS\KB958687.log
2/10/2009 9:44:46 AM    328808    32    C:\WINDOWS\ntbtlog.txt
2/1/2009 8:59:11 PM    0    32    C:\WINDOWS\system32\9b10ce72-.txt
2/17/2009 4:46:19 AM    1620202    6    C:\WINDOWS\system32\aanrdudi.ini
2/11/2009 12:59:17 AM    4850    38    C:\WINDOWS\system32\aKllknpo.ini
2/11/2009 12:59:17 AM    4573    38    C:\WINDOWS\system32\aKllknpo.ini2
2/1/2009 8:58:48 PM    31813    38    C:\WINDOWS\system32\AKUDeMoq.ini
2/1/2009 8:58:49 PM    36042    38    C:\WINDOWS\system32\AKUDeMoq.ini2
2/10/2009 7:57:23 PM    302592    32    C:\WINDOWS\system32\awtqrqRk.dll
2/10/2009 3:50:46 PM    36352    32    C:\WINDOWS\system32\awtqrsQi.dll
2/10/2009 11:59:01 PM    368    38    C:\WINDOWS\system32\baaKkUvw.ini
2/10/2009 11:59:01 PM    368    38    C:\WINDOWS\system32\baaKkUvw.ini2
2/10/2009 3:55:51 PM    368    38    C:\WINDOWS\system32\baddNXyb.ini
2/10/2009 3:55:51 PM    368    38    C:\WINDOWS\system32\baddNXyb.ini2
2/10/2009 3:55:47 PM    302592    32    C:\WINDOWS\system32\byXNddab.dll
2/10/2009 10:58:12 PM    302592    32    C:\WINDOWS\system32\byXOifEu.dll
2/16/2009 7:25:36 AM    1599490    6    C:\WINDOWS\system32\clwbreib.ini
2/19/2009 11:16:49 AM    1627630    6    C:\WINDOWS\system32\cpssagvl.ini
2/3/2009 8:22:41 AM    75645    32    C:\WINDOWS\system32\cwdqespi.dll
2/10/2009 9:57:55 PM    302592    32    C:\WINDOWS\system32\ddcDuVlj.dll
2/6/2009 7:44:11 PM    1580262    38    C:\WINDOWS\system32\donbjeph.ini
2/10/2009 4:56:04 PM    302592    32    C:\WINDOWS\system32\efcaXpPj.dll
2/5/2009 7:24:36 PM    52285    32    C:\WINDOWS\system32\evolilnl.dll
2/18/2009 7:56:45 AM    129024    32    C:\WINDOWS\system32\fgjkyvrk.dll
2/1/2009 9:04:52 PM    1523788    38    C:\WINDOWS\system32\fluupgeu.ini
2/26/2009 2:44:47 PM    1599703    6    C:\WINDOWS\system32\fuqwkwuk.ini
2/4/2009 9:43:42 AM    1566028    38    C:\WINDOWS\system32\gmtlrlpd.ini
2/18/2009 7:56:46 AM    129024    32    C:\WINDOWS\system32\gzjsym.dll
2/3/2009 8:19:41 AM    1544349    38    C:\WINDOWS\system32\higbuwud.ini
2/19/2009 11:19:25 AM    129024    32    C:\WINDOWS\system32\hohufxot.dll
2/10/2009 8:57:42 PM    368    38    C:\WINDOWS\system32\hRAIkUvw.ini
2/10/2009 8:57:42 PM    368    38    C:\WINDOWS\system32\hRAIkUvw.ini2
2/18/2009 7:54:02 AM    1620202    6    C:\WINDOWS\system32\idquccxw.ini
2/8/2009 11:09:45 PM    52285    32    C:\WINDOWS\system32\ievunnfh.dll
2/26/2009 2:46:36 PM    129024    32    C:\WINDOWS\system32\imcoxi.dll
2/10/2009 6:57:09 PM    368    38    C:\WINDOWS\system32\jjjlmnpo.ini
2/10/2009 6:57:09 PM    368    38    C:\WINDOWS\system32\jjjlmnpo.ini2
2/10/2009 9:57:58 PM    368    38    C:\WINDOWS\system32\jlVuDcdd.ini
2/10/2009 9:57:58 PM    368    38    C:\WINDOWS\system32\jlVuDcdd.ini2
2/10/2009 4:56:07 PM    368    38    C:\WINDOWS\system32\jPpXacfe.ini
2/10/2009 4:56:07 PM    368    38    C:\WINDOWS\system32\jPpXacfe.ini2
2/14/2009 8:07:25 AM    1593556    6    C:\WINDOWS\system32\jrlwqamh.ini
2/10/2009 7:57:26 PM    368    38    C:\WINDOWS\system32\kRqrqtwa.ini
2/10/2009 7:57:26 PM    368    38    C:\WINDOWS\system32\kRqrqtwa.ini2
2/10/2009 5:56:23 PM    368    38    C:\WINDOWS\system32\KSuxayxx.ini
2/10/2009 5:56:23 PM    368    38    C:\WINDOWS\system32\KSuxayxx.ini2
2/26/2009 2:44:46 PM    72704    32    C:\WINDOWS\system32\kuwkwquf.dll
2/25/2009 10:34:32 PM    1599703    6    C:\WINDOWS\system32\ldeafgvk.ini
2/10/2009 1:47:07 PM    0    32    C:\WINDOWS\system32\mcrh.tmp
2/11/2009 2:44:54 PM    1576264    6    C:\WINDOWS\system32\mphebnqa.ini
2/7/2009 11:08:15 PM    75645    32    C:\WINDOWS\system32\mqchlcsk.dll
2/9/2009 10:09:42 AM    75645    32    C:\WINDOWS\system32\mwmdkvbb.dll
2/25/2009 10:31:30 PM    129024    32    C:\WINDOWS\system32\nlymut.dll
2/26/2009 2:46:35 PM    129024    32    C:\WINDOWS\system32\nsfnqjds.dll
2/25/2009 10:31:29 PM    129024    32    C:\WINDOWS\system32\nsnyvxrg.dll
2/9/2009 10:06:43 AM    1586322    6    C:\WINDOWS\system32\ojxkxuky.ini
2/11/2009 12:59:15 AM    302592    32    C:\WINDOWS\system32\opnkllKa.dll
2/10/2009 6:57:07 PM    302592    32    C:\WINDOWS\system32\opnmljjj.dll
2/5/2009 7:19:15 PM    1580262    6    C:\WINDOWS\system32\oyrowwdk.ini
2/8/2009 6:31:01 PM    1580261    6    C:\WINDOWS\system32\qmdhubae.ini
2/19/2009 11:19:26 AM    129024    32    C:\WINDOWS\system32\quymdf.dll
2/25/2009 9:03:00 AM    1641475    6    C:\WINDOWS\system32\rrentoyw.ini
2/15/2009 5:04:31 PM    1593556    6    C:\WINDOWS\system32\saspabvv.ini
2/12/2009 9:13:55 PM    1593556    6    C:\WINDOWS\system32\tvjhdsjh.ini
2/10/2009 10:58:15 PM    368    38    C:\WINDOWS\system32\uEfiOXyb.ini
2/10/2009 10:58:15 PM    368    38    C:\WINDOWS\system32\uEfiOXyb.ini2
2/6/2009 7:49:53 PM    75645    32    C:\WINDOWS\system32\wdtruqng.dll
2/10/2009 8:57:39 PM    302592    32    C:\WINDOWS\system32\wvUkIARh.dll
2/10/2009 11:58:59 PM    302592    32    C:\WINDOWS\system32\wvUkKaab.dll
2/25/2009 9:04:46 AM    129024    32    C:\WINDOWS\system32\wxtrslyl.dll
2/25/2009 9:03:00 AM    72704    32    C:\WINDOWS\system32\wyotnerr.dll
2/7/2009 8:29:43 PM    1580261    6    C:\WINDOWS\system32\xlscftnu.ini
2/10/2009 5:56:21 PM    302592    32    C:\WINDOWS\system32\xxyaxuSK.dll
2/25/2009 9:04:48 AM    129024    32    C:\WINDOWS\system32\ykflxn.dll

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======


====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\owner\LOCALS~1\Temp\002-1.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\002.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\02-1.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\02.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\03-1.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\03-2.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\03.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\04.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\0926081222a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\ahlocini.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\AT11041-MD500.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\Cali 118.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\etilqs_lveTImTdhdVYNfEFzCtk
C:\DOCUME~1\owner\LOCALS~1\Temp\FileLister.vbe
C:\DOCUME~1\owner\LOCALS~1\Temp\FileLister.zip
C:\DOCUME~1\owner\LOCALS~1\Temp\folonmco.dat
C:\DOCUME~1\owner\LOCALS~1\Temp\Image000.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image001.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image002.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image003.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image004.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image005.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image006.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image007.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image008.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image009.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image010.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image011.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image012.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image013j.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image014.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image015.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image016.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image017.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image018.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image019.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image020.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image021.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image022t.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image023.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image024.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image025.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image026.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image027..jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image028.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image029a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image031a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image032.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image033.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image034a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image035a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image036.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image037g.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image038..jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image039.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image040.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image041.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image042.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image043.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\InsiderSecretsreport1.zip
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond1.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond2.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond3-1.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond3.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\m04.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\P.txt
C:\DOCUME~1\owner\LOCALS~1\Temp\Photo_111107_001.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\R.txt
C:\DOCUME~1\owner\LOCALS~1\Temp\sc.txt
C:\DOCUME~1\owner\LOCALS~1\Temp\set33.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\setB.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\spider 001.JPG
C:\DOCUME~1\owner\LOCALS~1\Temp\ST418-Rafale.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 027.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 036.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 038-1.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 038.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 047.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\TMP3D.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\TMP42.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\TMP43.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\wewdoasucra.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\ztod-2-young-to-fall-in-love-62.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\ztod-2-young-to-fall-in-love-63.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\ztod-whos-your-daddy-8-41.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\_is7.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\_isB.tmp

87 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======


 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\AnyDVD


HKLM\Software\microsoft\shared tools\msconfig\startupreg\CTHelper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Logitech Utility


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MsnMsgr


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter


HKLM\Software\microsoft\shared tools\msconfig\startupreg\nwiz


HKLM\Software\microsoft\shared tools\msconfig\startupreg\OrderReminder


HKLM\Software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RemoteControl


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SoundMan


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\updateMgr


HKLM\Software\microsoft\shared tools\msconfig\startupreg\UpdReg


HKLM\Software\microsoft\shared tools\msconfig\startupreg\VolPanel


HKLM\Software\microsoft\shared tools\msconfig\startupreg\vptray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\WatchDog


HKLM\Software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager


====== Services ( Services that are Whitelisted are not shown) ======

 Adobe LM Service (Adobe LM Service) "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"  - Manual
 Alerter (Alerter) C:\WINDOWS\system32\svchost.exe -k LocalService  - Disabled
 Application Layer Gateway Service (ALG) C:\WINDOWS\System32\alg.exe  - Manual
 Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe  - Manual
 Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Background Intelligent Transfer Service (BITS) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Computer Browser (Browser) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Indexing Service (CiSvc) C:\WINDOWS\system32\cisvc.exe  - Manual
 ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe  - Disabled
 .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe  - Manual
 COM+ System Application (COMSysApp) C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}  - Manual
 Creative Service for CDROM Access (Creative Service for CDROM Access) C:\WINDOWS\system32\CTsvcCDA.exe  - Auto
 Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Creative Audio Service (CTAudSvcService) C:\Program Files\Creative\Shared Files\CTAudSvc.exe  - Auto
 DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch  - Auto
 DefWatch (DefWatch) C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe  - Auto
 DHCP Client (Dhcp) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Diskeeper (Diskeeper) "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"  - Auto
 Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com  - Manual
 Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 DNS Client (Dnscache) C:\WINDOWS\system32\svchost.exe -k NetworkService  - Auto
 Wired AutoConfig (Dot3svc) C:\WINDOWS\System32\svchost.exe -k dot3svc  - Manual
 Extensible Authentication Protocol Service (EapHost) C:\WINDOWS\System32\svchost.exe -k eapsvcs  - Manual
 Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Event Log (Eventlog) C:\WINDOWS\system32\services.exe  - Auto
 COM+ Event System (EventSystem) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 HID Input Service (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Health Key and Certificate Management Service (hkmsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter  - Manual
 InstallDriver Table Manager (IDriverT) "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"  - Manual
 IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\system32\imapi.exe  - Manual
 iPod Service (iPod Service) "C:\Program Files\iPod\bin\iPodService.exe"  - Manual
 Server (lanmanserver) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Workstation (lanmanworkstation) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 LexBce Server (LexBceS) C:\WINDOWS\system32\LEXBCES.EXE  - Auto
 TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\system32\svchost.exe -k LocalService  - Auto
 Machine Debug Manager (MDM) "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"  - Auto
 Messenger (Messenger) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\system32\mnmsrvc.exe  - Manual
 Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\system32\msdtc.exe  - Manual
 Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V  - Manual
 Network Access Protection Agent (napagent) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe  - Disabled
 Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe  - Disabled
 Net Logon (Netlogon) C:\WINDOWS\system32\lsass.exe  - Manual
 Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Network Location Awareness (NLA) (Nla) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Symantec AntiVirus Client (Norton AntiVirus Server) C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe  - Auto
 NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\system32\lsass.exe  - Manual
 Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc32.exe  - Auto
 Office Source Engine (ose) "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"  - Manual
 Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe  - Auto
 PnkBstrA (PnkBstrA) C:\WINDOWS\system32\PnkBstrA.exe  - Auto
 PnkBstrB (PnkBstrB) C:\WINDOWS\system32\PnkBstrB.exe  - Auto
 IPSEC Services (PolicyAgent) C:\WINDOWS\system32\lsass.exe  - Auto
 Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe  - Auto
 Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Remote Access Connection Manager (RasMan) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Manual
 Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\system32\sessmgr.exe  - Manual
 Routing and Remote Access (RemoteAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 Remote Registry (RemoteRegistry) C:\WINDOWS\system32\svchost.exe -k LocalService  - Auto
 Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\system32\locator.exe  - Manual
 Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss  - Auto
 QoS RSVP (RSVP) C:\WINDOWS\system32\rsvp.exe  - Manual
 Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe  - Auto
 Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe  - Manual
 Task Scheduler (Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 ServiceLayer (ServiceLayer) "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"  - Manual
 Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe  - Auto
 System Restore Service (srservice) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 SSDP Discovery Service (SSDPSRV) C:\WINDOWS\system32\svchost.exe -k LocalService  - Manual
 Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\system32\svchost.exe -k imgsvc  - Auto
 MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\system32\dllhost.exe /Processid:{ABF0BE4F-7628-40CB-95B6-11092F910B66}  - Manual
 Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe  - Manual
 Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch  - Manual
 Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Telnet (TlntSvr) C:\WINDOWS\system32\tlntsvr.exe  - Disabled
 Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Universal Plug and Play Device Host (upnphost) C:\WINDOWS\system32\svchost.exe -k LocalService  - Manual
 Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe  - Manual
 Messenger Sharing USN Journal Reader service (usnsvc) C:\WINDOWS\system32\svchost.exe -k usnsvc  - Manual
 User Privilege Service (usprserv) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Ventrilo (Ventrilo) C:\Program Files\VentSrv\ventrilo_svc.exe  - Auto
 Volume Shadow Copy (VSS) C:\WINDOWS\System32\vssvc.exe  - Manual
 Windows Time (W32Time) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 WebClient (WebClient) C:\WINDOWS\system32\svchost.exe -k LocalService  - Auto
 Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Auto
 Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 Windows Management Instrumentation Driver Extensions (Wmi) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual
 WMI Performance Adapter (WmiApSrv) C:\WINDOWS\system32\wbem\wmiapsrv.exe  - Manual
 Windows Media Player Network Sharing Service (WMPNetworkSvc) "C:\Program Files\Windows Media Player\WMPNetwk.exe"  - Auto
 Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs  - Disabled
 Windows Driver Foundation - User-mode Driver Framework (WudfSvc) C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup  - Auto
 Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Auto
 Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs  - Manual

====== Uninstall List From Registry ======

Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
Windows Driver Package - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
Windows Driver Package - MSN (usbccgp) USB  (04/19/2006 1.1.0.2)
Ad-Aware SE Professional
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Photoshop CS2
AnyDVD
Advanced Uninstaller PRO 2006 - version 7
Creative Audio Console
Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
Call of Duty Game of the Year Edition
Windows Driver Package - Nokia Modem  (05/24/2007 6.84.0.1)
CloneDVD2
Comanche 4
Creative Software AutoUpdate
Dell AIO Printer A940
FMS
HijackThis 2.0.2
HP OrderReminder
LaserJet 1018
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Command & Conquer Generals
Age of Empires III - The WarChiefs
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Age of Empires III
NVIDIA nTune
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty - United Offensive
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM)
iPod for Windows 2005-10-12
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Windows Media Format SDK Hotfix - KB891122
Windows Genuine Advantage Validation Tool (KB892130)
Hotfix for Windows Media Format SDK (KB902344)
Microsoft Base Smart Card Cryptographic Service Provider Package
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB913433)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB938464)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
LiveUpdate 1.80 (Symantec Corporation)
Lords of the Realm II
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Mavis Beacon Teaches Typing
Microsoft .NET Framework 1.1
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU
Mozilla Firefox (3.0.6)
Microsoft Compression Client Pack 1.0 for Windows XP
MSN
Nokia PC Suite
NVIDIA Drivers
PunkBuster Services
SharpDevelop2 2.0.1
Macromedia Flash Player 8
Sierra Utilities
Silkroad
Starcraft
Creative System Information
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Viewpoint Media Player
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.5
Jane's Combat Simulations WWII Fighters
Xfire (remove only)
Yahoo! Toolbar
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Install Manager
Logitech iTouch Software
Battlefield 2(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Command & Conquer Generals
QuickTime
Civilization III
Symantec AntiVirus Client
Nokia Connectivity Cable Driver
AutoUpdate
Sound Blaster X-Fi
Cool & Quiet
Age of Empires III - The WarChiefs
Picture Package
Star Wars Jedi Knight Jedi Academy
Adobe Photoshop CS2
Microsoft MSDN 2005 Express Edition - ENU
FEAR
J2SE Runtime Environment 5.0 Update 6
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Microsoft Visual Basic 2005 Express Edition - ENU
Logitech MouseWare 9.79.1
Sony USB Driver
America's Army
PowerDVD
iTunes
Age of Empires III
LiveUpdate BVRP Software
Adobe Stock Photos 1.0
Ventrilo Client
Windows Live Messenger
DivX
NVIDIA nTune
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Ventrilo Server
MSXML 4.0 SP2 (KB954430)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
DivX Player
Adobe Common File Installer
Logitech Desktop Messenger
Microsoft Office Professional Edition 2003
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Logitech Gaming Software
PC Connectivity Solution
Apple Software Update
Call of Duty - United Offensive
Nokia PC Suite
Adobe Reader 7.1.0
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
Call of Duty(R) - World at War(TM) 1.1 Patch
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
Adobe Bridge 1.0
Company of Heroes
Creative MediaSource 5
MSXML 4.0 SP2 (KB936181)
First Step Guide
Microsoft .NET Framework 1.1
Nero 7 Demo
Motorola Software Update
Call of Duty(R) - World at War(TM)
iPod for Windows 2005-10-12
Diskeeper Professional Edition
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Adobe Help Center 1.0
mobile PhoneTools
ImageMixer VCD2
Realtek AC'97 Audio

======== Other Info ========

TOTAL PHYSICAL RAM: 2147 MB


Offline bamajim

Re: [ In Progress ] Popups, Trojan.Vundo and Trojan.Metajuan
« Reply #3 on: February 26, 2009, 07:24:40 PM »
needhelpplz

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

2008-2010
Rights cannot exist without morals

Offline needhelpplz

Re: [ In Progress ] Popups, Trojan.Vundo and Trojan.Metajuan
« Reply #4 on: February 27, 2009, 07:07:44 PM »
bamajim,

Here's the info you requested.

Thank you,


Malwarebytes' Anti-Malware 1.34
Database version: 1807
Windows 5.1.2600 Service Pack 3

2/26/2009 8:24:24 PM
mbam-log-2009-02-26 (20-24-24).txt

Scan type: Quick Scan
Objects scanned: 66789
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\opnkllKa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\imcoxi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awtqrsQi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqrsqi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e97978c-01d0-4dfc-9dcf-c22c992f238a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e97978c-01d0-4dfc-9dcf-c22c992f238a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a53c4498-1108-4b26-8e24-bbb2788dc4d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a53c4498-1108-4b26-8e24-bbb2788dc4d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7e97978c-01d0-4dfc-9dcf-c22c992f238a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a53c4498-1108-4b26-8e24-bbb2788dc4d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkllka -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkllka  -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\awtqrsQi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\imcoxi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnkllKa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aKllknpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aKllknpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqrqRk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kRqrqtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kRqrqtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNddab.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baddNXyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baddNXyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOifEu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uEfiOXyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uEfiOXyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcDuVlj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlVuDcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlVuDcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcaXpPj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jPpXacfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jPpXacfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuwkwquf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuqwkwuk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmljjj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjjlmnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjjlmnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkIARh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hRAIkUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hRAIkUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkKaab.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baaKkUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baaKkUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyotnerr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrentoyw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyaxuSK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KSuxayxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KSuxayxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ievunnfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evolilnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mqchlcsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsfnqjds.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdtruqng.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwdqespi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwmdkvbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ykflxn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Offline needhelpplz

Re: [ In Progress ] Popups, Trojan.Vundo and Trojan.Metajuan
« Reply #5 on: February 27, 2009, 07:45:48 PM »
bamajim,

After running the scan and restarting, my computer is running very slow. If I go into IE it opens 30 windows.

Offline bamajim

Re: [ In Progress ] Popups, Trojan.Vundo and Trojan.Metajuan
« Reply #6 on: March 01, 2009, 08:18:08 PM »
needhelpplz

Rerun FileLister and post a fresh FileLister log.


Offline needhelpplz

Re: [ In Progress ] Popups, Trojan.Vundo and Trojan.Metajuan
« Reply #7 on: March 01, 2009, 10:02:05 PM »
bamajim,

While I was waiting for your reply I ran Ad-Aware SE just to try it out, and it was able to grab some files that Malwarebytes didn't. Here are the files; I thought this might help. My computer seems to be acting normal for now. I will still run FileLister; the log is below.

Thank You for all the help so far.



ArchiveData(auto-quarantine- 2009-02-27 20-17-50.bckp)
Referencefile : SE1R339 23.02.2009
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\owner\recent\114_1414.AVI.lnk
obj[1]=MRU FileReference : C:\Documents and Settings\owner\recent\117_1769(2).jpg.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\owner\recent\117_1769(3).jpg.lnk
obj[3]=MRU FileReference : C:\Documents and Settings\owner\recent\117_1769.jpg.lnk
obj[4]=MRU FileReference : C:\Documents and Settings\owner\recent\117_1770(2).jpg.lnk
obj[5]=MRU FileReference : C:\Documents and Settings\owner\recent\117_1770(3).jpg.lnk
obj[6]=MRU FileReference : C:\Documents and Settings\owner\recent\117_1770.jpg.lnk
obj[7]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[8]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.AVI
obj[9]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[10]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[11]=MRU FileReference : C:\Documents and Settings\owner\recent\Files.txt.lnk
obj[13]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\windows media\wmsdk\general computername
obj[14]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[15]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[16]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\directinput\mostrecentapplication name
obj[17]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\directinput\mostrecentapplication id
obj[18]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
obj[12]=MRU RegReference : S-1-5-21-299502267-152049171-725345543-1003\software\nico mak computing\winzip\filemenu

WIN32.TROJAN-PSW.DELF
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[11]=Regkey : CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}
obj[19]=File : c:\windows\system32\folonmco.dll

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[12]=IECache Entry : Cookie:owner@advertising.com/
obj[13]=IECache Entry : Cookie:owner@ordie.adbureau.net/
obj[14]=IECache Entry : Cookie:owner@www.stopzilla.com/
obj[15]=IECache Entry : Cookie:owner@atdmt.com/
obj[16]=IECache Entry : Cookie:owner@tradedoubler.com/
obj[17]=IECache Entry : Cookie:owner@live365.com/
obj[18]=IECache Entry : Cookie:owner@doubleclick.net/



Here's the FileLister log.

+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.0.6
+
+  By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>>  3/1/2009 7:56:58 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: (NO NAME) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
@=""
"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\\\nTune.exe\" clear"
"Logitech Utility"="Logi_MwX.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

2/25/2009 11:59:50 AM    3225    32    C:\Files.txt
1/13/2009 7:22:28 PM    956894    C:\WINDOWS\$NtUninstallKB958687$
1/13/2009 7:22:28 PM    623070    C:\WINDOWS\$NtUninstallKB958687$\spuninst
2/9/2009 10:12:38 AM    616    32    C:\WINDOWS\eReg.dat
1/13/2009 7:22:20 PM    9755    32    C:\WINDOWS\KB958687.log
2/10/2009 9:44:46 AM    403026    32    C:\WINDOWS\ntbtlog.txt
2/1/2009 8:59:11 PM    0    32    C:\WINDOWS\system32\9b10ce72-.txt
2/17/2009 4:46:19 AM    1620202    6    C:\WINDOWS\system32\aanrdudi.ini
2/1/2009 8:58:48 PM    31813    38    C:\WINDOWS\system32\AKUDeMoq.ini
2/1/2009 8:58:49 PM    36042    38    C:\WINDOWS\system32\AKUDeMoq.ini2
2/16/2009 7:25:36 AM    1599490    6    C:\WINDOWS\system32\clwbreib.ini
2/19/2009 11:16:49 AM    1627630    6    C:\WINDOWS\system32\cpssagvl.ini
2/6/2009 7:44:11 PM    1580262    38    C:\WINDOWS\system32\donbjeph.ini
2/1/2009 9:04:52 PM    1523788    38    C:\WINDOWS\system32\fluupgeu.ini
2/4/2009 9:43:42 AM    1566028    38    C:\WINDOWS\system32\gmtlrlpd.ini
2/3/2009 8:19:41 AM    1544349    38    C:\WINDOWS\system32\higbuwud.ini
2/18/2009 7:54:02 AM    1620202    6    C:\WINDOWS\system32\idquccxw.ini
2/14/2009 8:07:25 AM    1593556    6    C:\WINDOWS\system32\jrlwqamh.ini
2/25/2009 10:34:32 PM    1599703    6    C:\WINDOWS\system32\ldeafgvk.ini
2/11/2009 2:44:54 PM    1576264    6    C:\WINDOWS\system32\mphebnqa.ini
2/25/2009 10:31:30 PM    129024    32    C:\WINDOWS\system32\nlymut.dll
2/25/2009 10:31:29 PM    129024    32    C:\WINDOWS\system32\nsnyvxrg.dll
2/9/2009 10:06:43 AM    1586322    6    C:\WINDOWS\system32\ojxkxuky.ini
2/5/2009 7:19:15 PM    1580262    6    C:\WINDOWS\system32\oyrowwdk.ini
2/8/2009 6:31:01 PM    1580261    6    C:\WINDOWS\system32\qmdhubae.ini
2/15/2009 5:04:31 PM    1593556    6    C:\WINDOWS\system32\saspabvv.ini
2/12/2009 9:13:55 PM    1593556    6    C:\WINDOWS\system32\tvjhdsjh.ini
2/25/2009 9:04:46 AM    129024    32    C:\WINDOWS\system32\wxtrslyl.dll
2/7/2009 8:29:43 PM    1580261    6    C:\WINDOWS\system32\xlscftnu.ini

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

2/26/2009 8:18:31 PM    4153220    C:\Program Files\Malwarebytes' Anti-Malware
2/26/2009 8:18:31 PM    372760    C:\Program Files\Malwarebytes' Anti-Malware\Languages

====== Files under "\System32\Drivers" Last 60 Days======

2/26/2009 8:18:35 PM    15504    32    C:\WINDOWS\system32\drivers\mbam.sys
2/26/2009 8:18:32 PM    38496    32    C:\WINDOWS\system32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\owner\LOCALS~1\Temp\002-1.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\002.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\02-1.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\02.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\03-1.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\03-2.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\03.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\04.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\0926081222a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\ahlocini.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\AT11041-MD500.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\Cali 118.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\etilqs_0IrbXjQ768x0jW4NmFhM
C:\DOCUME~1\owner\LOCALS~1\Temp\Filelister.vbe
C:\DOCUME~1\owner\LOCALS~1\Temp\FileLister.zip
C:\DOCUME~1\owner\LOCALS~1\Temp\folonmco.dat
C:\DOCUME~1\owner\LOCALS~1\Temp\Image000.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image001.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image002.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image003.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image004.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image005.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image006.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image007.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image008.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image009.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image010.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image011.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image012.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image013j.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image014.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image015.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image016.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image017.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image018.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image019.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image020.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image021.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image022t.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image023.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image024.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image025.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image026.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image027..jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image028.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image029a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image031a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image032.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image033.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image034a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image035a.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image036.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image037g.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image038..jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image039.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image040.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image041.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image042.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\Image043.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\InsiderSecretsreport1.zip
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond1.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond2.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond3-1.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\julia-bond3.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\m04.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\P.txt
C:\DOCUME~1\owner\LOCALS~1\Temp\Photo_111107_001.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\poweciebxwe.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\R.txt
C:\DOCUME~1\owner\LOCALS~1\Temp\sc.txt
C:\DOCUME~1\owner\LOCALS~1\Temp\set33.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\setB.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\sojejjw.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\spider 001.JPG
C:\DOCUME~1\owner\LOCALS~1\Temp\ST418-Rafale.wmv
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 027.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 036.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 038-1.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 038.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\summer fun 08 047.jpg
C:\DOCUME~1\owner\LOCALS~1\Temp\temp.fr231F
C:\DOCUME~1\owner\LOCALS~1\Temp\wewdoasucra.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\weylaca.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\ztod-2-young-to-fall-in-love-62.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\ztod-2-young-to-fall-in-love-63.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\ztod-whos-your-daddy-8-41.mpg
C:\DOCUME~1\owner\LOCALS~1\Temp\_is7.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\_isB.tmp
C:\DOCUME~1\owner\LOCALS~1\Temp\~DF8A0E.tmp

89 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

2/26/2009 8:18:31 PM    1701172    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2/26/2009 8:18:31 PM    1701172    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\AnyDVD


HKLM\Software\microsoft\shared tools\msconfig\startupreg\CTHelper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940


HKLM\Software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Logitech Utility


HKLM\Software\microsoft\shared tools\msconfig\startupreg\MsnMsgr


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon


HKLM\Software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter


HKLM\Software\microsoft\shared tools\msconfig\startupreg\nwiz


HKLM\Software\microsoft\shared tools\msconfig\startupreg\OrderReminder


HKLM\Software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication


HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task


HKLM\Software\microsoft\shared tools\msconfig\startupreg\RemoteControl


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SoundMan


HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched


HKLM\Software\microsoft\shared tools\msconfig\startupreg\updateMgr


HKLM\Software\microsoft\shared tools\msconfig\startupreg\UpdReg


HKLM\Software\microsoft\shared tools\msconfig\startupreg\VolPanel


HKLM\Software\microsoft\shared tools\msconfig\startupreg\vptray


HKLM\Software\microsoft\shared tools\msconfig\startupreg\WatchDog


HKLM\Software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG


HKLM\Software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager


====== Services ( Services that are Whitelisted are not shown) ======

Abiosdsk (Abiosdsk)-  - Disabled/Stopped
abp480n5 (abp480n5)-  - Disabled/Stopped
ACPI (Microsoft ACPI Driver)- C:\WINDOWS\system32\DRIVERS\ACPI.sys - Boot/Running
ACPIEC (ACPIEC)- C:\WINDOWS\system32\drivers\ACPIEC.sys - Disabled/Stopped
adpu160m (adpu160m)-  - Disabled/Stopped
aec (Microsoft Kernel Acoustic Echo Canceller)- C:\WINDOWS\system32\drivers\aec.sys - Manual/Stopped
AFD (AFD)- C:\WINDOWS\system32\drivers\afd.sys - System/Running
Aha154x (Aha154x)-  - Disabled/Stopped
aic78u2 (aic78u2)-  - Disabled/Stopped
aic78xx (aic78xx)-  - Disabled/Stopped
ALCXWDM (Service for Realtek AC97 Audio (WDM))- C:\WINDOWS\system32\drivers\ALCXWDM.SYS - Manual/Stopped
AliIde (AliIde)-  - Disabled/Stopped
amsint (amsint)-  - Disabled/Stopped
AnyDVD (AnyDVD)- C:\WINDOWS\system32\Drivers\AnyDVD.sys - Manual/Running
asc (asc)-  - Disabled/Stopped
asc3350p (asc3350p)-  - Disabled/Stopped
asc3550 (asc3550)-  - Disabled/Stopped
ASInsHelp (ASInsHelp)- \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys - Auto/Running
AsIO (AsIO)- \??\C:\WINDOWS\system32\drivers\AsIO.sys - System/Running
AsyncMac (RAS Asynchronous Media Driver)- C:\WINDOWS\system32\DRIVERS\asyncmac.sys - Manual/Stopped
atapi (Standard IDE/ESDI Hard Disk Controller)- C:\WINDOWS\system32\DRIVERS\atapi.sys - Boot/Running
Atdisk (Atdisk)-  - Disabled/Stopped
Atmarpc (ATM ARP Client Protocol)- C:\WINDOWS\system32\DRIVERS\atmarpc.sys - Manual/Stopped
audstub (Audio Stub Driver)- C:\WINDOWS\system32\DRIVERS\audstub.sys - Manual/Running
Beep (Beep)- C:\WINDOWS\system32\drivers\Beep.sys - System/Running
cbidf2k (cbidf2k)- C:\WINDOWS\system32\drivers\cbidf2k.sys - Disabled/Stopped
CCDECODE (Closed Caption Decoder)- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys - Manual/Stopped
cd20xrnt (cd20xrnt)-  - Disabled/Stopped
Cdaudio (Cdaudio)- C:\WINDOWS\system32\drivers\Cdaudio.sys - System/Stopped
Cdfs (Cdfs)- C:\WINDOWS\system32\drivers\Cdfs.sys - Disabled/Running
cdrbsdrv (cdrbsdrv)- C:\WINDOWS\system32\drivers\cdrbsdrv.sys - System/Running
Cdrom (CD-ROM Driver)- C:\WINDOWS\system32\DRIVERS\cdrom.sys - System/Running
Changer (Changer)-  - System/Stopped
CmdIde (CmdIde)-  - Disabled/Stopped
COMMONFX.DLL (COMMONFX.DLL)- C:\WINDOWS\system32\COMMONFX.DLL - Manual/Stopped
Cpqarray (Cpqarray)-  - Disabled/Stopped
CT20XUT.DLL (CT20XUT.DLL)- C:\WINDOWS\system32\CT20XUT.DLL - Manual/Running
ctac32k (Creative AC3 Software Decoder)- C:\WINDOWS\system32\drivers\ctac32k.sys - Manual/Running
ctaud2k (Creative Audio Driver (WDM))- C:\WINDOWS\system32\drivers\ctaud2k.sys - Manual/Running
CTAUDFX.DLL (CTAUDFX.DLL)- C:\WINDOWS\system32\CTAUDFX.DLL - Manual/Stopped
ctdvda2k (Creative DVD-Audio Device Driver)- C:\WINDOWS\system32\drivers\ctdvda2k.sys - Manual/Stopped
CTEAPSFX.DLL (CTEAPSFX.DLL)- C:\WINDOWS\system32\CTEAPSFX.DLL - Manual/Stopped
CTEDSPFX.DLL (CTEDSPFX.DLL)- C:\WINDOWS\system32\CTEDSPFX.DLL - Manual/Stopped
CTEDSPIO.DLL (CTEDSPIO.DLL)- C:\WINDOWS\system32\CTEDSPIO.DLL - Manual/Stopped
CTEDSPSY.DLL (CTEDSPSY.DLL)- C:\WINDOWS\system32\CTEDSPSY.DLL - Manual/Stopped
CTERFXFX.DLL (CTERFXFX.DLL)- C:\WINDOWS\system32\CTERFXFX.DLL - Manual/Stopped
CTEXFIFX.DLL (CTEXFIFX.DLL)- C:\WINDOWS\system32\CTEXFIFX.DLL - Manual/Running
CTHWIUT.DLL (CTHWIUT.DLL)- C:\WINDOWS\system32\CTHWIUT.DLL - Manual/Running
ctprxy2k (Creative Proxy Driver)- C:\WINDOWS\system32\drivers\ctprxy2k.sys - Manual/Running
CTSBLFX.DLL (CTSBLFX.DLL)- C:\WINDOWS\system32\CTSBLFX.DLL - Manual/Stopped
ctsfm2k (Creative SoundFont Management Device Driver)- C:\WINDOWS\system32\drivers\ctsfm2k.sys - Manual/Running
dac960nt (dac960nt)-  - Disabled/Stopped
Disk (Disk Driver)- C:\WINDOWS\system32\DRIVERS\disk.sys - Boot/Running
dmboot (dmboot)- C:\WINDOWS\system32\drivers\dmboot.sys - Disabled/Stopped
dmio (Logical Disk Manager Driver)- C:\WINDOWS\system32\drivers\dmio.sys - Boot/Running
dmload (dmload)- C:\WINDOWS\system32\drivers\dmload.sys - Boot/Running
DMusic (Microsoft Kernel DLS Syntheiszer)- C:\WINDOWS\system32\drivers\DMusic.sys - Manual/Stopped
dpti2o (dpti2o)-  - Disabled/Stopped
drmkaud (Microsoft Kernel DRM Audio Descrambler)- C:\WINDOWS\system32\drivers\drmkaud.sys - Manual/Stopped
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
ElbyCDIO (ElbyCDIO Driver)- C:\WINDOWS\system32\Drivers\ElbyCDIO.sys - System/Running
ElbyDelay (ElbyDelay)- C:\WINDOWS\system32\Drivers\ElbyDelay.sys - Manual/Running
emupia (E-mu Plug-in Architecture Driver)- C:\WINDOWS\system32\drivers\emupia2k.sys - Manual/Running
Fastfat (Fastfat)- C:\WINDOWS\system32\drivers\Fastfat.sys - Disabled/Stopped
Fdc (Floppy Disk Controller Driver)- C:\WINDOWS\system32\DRIVERS\fdc.sys - Manual/Running
Fips (Fips)- C:\WINDOWS\system32\drivers\Fips.sys - System/Running
Flpydisk (Floppy Disk Driver)- C:\WINDOWS\system32\DRIVERS\flpydisk.sys - Manual/Running
FltMgr (FltMgr)- C:\WINDOWS\system32\drivers\fltmgr.sys - Boot/Running
Ftdisk (Volume Manager Driver)- C:\WINDOWS\system32\DRIVERS\ftdisk.sys - Boot/Running
gameenum (Game Port Enumerator)- C:\WINDOWS\system32\DRIVERS\gameenum.sys - Manual/Running
GEARAspiWDM (GEARAspiWDM)- C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys - Manual/Running
Gpc (Generic Packet Classifier)- C:\WINDOWS\system32\DRIVERS\msgpc.sys - Manual/Running
ha20x2k (Creative 20X HAL Driver)- C:\WINDOWS\system32\drivers\ha20x2k.sys - Manual/Running
hamachi (Hamachi Network Interface)- C:\WINDOWS\system32\DRIVERS\hamachi.sys - Manual/Stopped
hidgame (Microsoft Hid to Joystick Port Enabler)- C:\WINDOWS\system32\DRIVERS\hidgame.sys - Manual/Stopped
hidusb (Microsoft HID Class Driver)- C:\WINDOWS\system32\DRIVERS\hidusb.sys - Manual/Running
hpn (hpn)-  - Disabled/Stopped
HTTP (HTTP)- C:\WINDOWS\system32\Drivers\HTTP.sys - Manual/Running
i2omgmt (i2omgmt)-  - System/Stopped
i2omp (i2omp)-  - Disabled/Stopped
i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver)- C:\WINDOWS\system32\DRIVERS\i8042prt.sys - System/Stopped
Imapi (CD-Burning Filter Driver)- C:\WINDOWS\system32\DRIVERS\imapi.sys - System/Running
ini910u (ini910u)-  - Disabled/Stopped
IntelIde (IntelIde)-  - Disabled/Stopped
Ip6Fw (IPv6 Windows Firewall Driver)- C:\WINDOWS\system32\drivers\ip6fw.sys - Manual/Stopped
IpFilterDriver (IP Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys - Manual/Stopped
IpInIp (IP in IP Tunnel Driver)- C:\WINDOWS\system32\DRIVERS\ipinip.sys - Manual/Stopped
IpNat (IP Network Address Translator)- C:\WINDOWS\system32\DRIVERS\ipnat.sys - Manual/Running
IPSec (IPSEC driver)- C:\WINDOWS\system32\DRIVERS\ipsec.sys - System/Running
IRENUM (IR Enumerator Service)- C:\WINDOWS\system32\DRIVERS\irenum.sys - Manual/Stopped
isapnp (PnP ISA/EISA Bus Driver)- C:\WINDOWS\system32\DRIVERS\isapnp.sys - Boot/Running
itchfltr (iTouch Keyboard Filter)- C:\WINDOWS\system32\Drivers\itchfltr.sys - Manual/Stopped
Kbdclass (Keyboard Class Driver)- C:\WINDOWS\system32\DRIVERS\kbdclass.sys - System/Running
kbdhid (Keyboard HID Driver)- C:\WINDOWS\system32\DRIVERS\kbdhid.sys - System/Running
kmixer (Microsoft Kernel Wave Audio Mixer)- C:\WINDOWS\system32\drivers\kmixer.sys - Manual/Stopped
KSecDD (KSecDD)- C:\WINDOWS\system32\drivers\KSecDD.sys - Boot/Running
lbrtfdc (lbrtfdc)-  - System/Stopped
LCcfltr (Logitech USB Filter Driver)- C:\WINDOWS\system32\Drivers\LCcFltr.Sys - Manual/Running
LHidFlt2 (Logitech HID/USB Mouse Filter Driver)- C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys - Manual/Running
LHidUsb (Logitech USB Receiver device driver)- C:\WINDOWS\system32\Drivers\LHidUsb.Sys - Manual/Running
LMouFlt2 (Logitech Mouse Class Filter Driver)- C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys - Manual/Running
mnmdd (mnmdd)- C:\WINDOWS\system32\drivers\mnmdd.sys - System/Running
Modem (Modem)- C:\WINDOWS\system32\drivers\Modem.sys - Manual/Stopped
MotoSwitchService (MotoSwitch Service)- C:\WINDOWS\system32\DRIVERS\motswch.sys - Manual/Stopped
Mouclass (Mouse Class Driver)- C:\WINDOWS\system32\DRIVERS\mouclass.sys - System/Running
mouhid (Mouse HID Driver)- C:\WINDOWS\system32\DRIVERS\mouhid.sys - Manual/Running
MountMgr (Mount Point Manager)- C:\WINDOWS\system32\drivers\MountMgr.sys - Boot/Running
mqdmbus (Motorola DM Composite Driver (WDM))- C:\WINDOWS\system32\DRIVERS\mqdmbus.sys - Manual/Stopped
mqdmmdfl (Motorola USB Modem (Filter))- C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys - Manual/Stopped
mqdmmdm (Motorola USB Modem)- C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys - Manual/Stopped
mqdmserd (Motorola USB Diag)- C:\WINDOWS\system32\DRIVERS\mqdmserd.sys - Manual/Stopped
mraid35x (mraid35x)-  - Disabled/Stopped
MRxDAV (WebDav Client Redirector)- C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Manual/Running
MRxSmb (MRXSMB)- C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - System/Running
Msfs (Msfs)- C:\WINDOWS\system32\drivers\Msfs.sys - System/Running
MSKSSRV (Microsoft Streaming Service Proxy)- C:\WINDOWS\system32\drivers\MSKSSRV.sys - Manual/Stopped
MSPCLOCK (Microsoft Streaming Clock Proxy)- C:\WINDOWS\system32\drivers\MSPCLOCK.sys - Manual/Stopped
MSPQM (Microsoft Streaming Quality Manager Proxy)- C:\WINDOWS\system32\drivers\MSPQM.sys - Manual/Stopped
mssmbios (Microsoft System Management BIOS Driver)- C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Manual/Running
MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter)- C:\WINDOWS\system32\drivers\MSTEE.sys - Manual/Stopped
ms_mpu401 (Microsoft MPU-401 MIDI UART Driver)- C:\WINDOWS\system32\drivers\msmpu401.sys - Manual/Running
MTsensor (ATK0110 ACPI UTILITY)- C:\WINDOWS\system32\DRIVERS\ASACPI.sys - Manual/Running
Mup (Mup)- C:\WINDOWS\system32\drivers\Mup.sys - Boot/Running
NABTSFEC (NABTS/FEC VBI Codec)- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys - Manual/Stopped
NAVAP (NAVAP)- \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys - Manual/Running
NAVAPEL (NAVAPEL)- \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS - Auto/Running
NAVENG (NAVENG)- \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090226.003\NAVENG.sys - Manual/Running
NAVEX15 (NAVEX15)- \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090226.003\NAVEX15.sys - Manual/Running
NDIS (NDIS System Driver)- C:\WINDOWS\system32\drivers\NDIS.sys - Boot/Running
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
NdisTapi (Remote Access NDIS TAPI Driver)- C:\WINDOWS\system32\DRIVERS\ndistapi.sys - Manual/Running
Ndisuio (NDIS Usermode I/O Protocol)- C:\WINDOWS\system32\DRIVERS\ndisuio.sys - Manual/Running
NdisWan (Remote Access NDIS WAN Driver)- C:\WINDOWS\system32\DRIVERS\ndiswan.sys - Manual/Running
NDProxy (NDIS Proxy)- C:\WINDOWS\system32\drivers\NDProxy.sys - Manual/Running
NetBIOS (NetBIOS Interface)- C:\WINDOWS\system32\DRIVERS\netbios.sys - System/Running
NetBT (NetBios over Tcpip)- C:\WINDOWS\system32\DRIVERS\netbt.sys - System/Running
nmwcd (Nokia USB Phone Parent)- C:\WINDOWS\system32\drivers\nmwcd.sys - Manual/Stopped
nmwcdc (Nokia USB Generic)- C:\WINDOWS\system32\drivers\nmwcdc.sys - Manual/Stopped
nmwcdcj (Nokia USB Port)- C:\WINDOWS\system32\drivers\nmwcdcj.sys - Manual/Stopped
nmwcdcm (Nokia USB Modem)- C:\WINDOWS\system32\drivers\nmwcdcm.sys - Manual/Stopped
Npfs (Npfs)- C:\WINDOWS\system32\drivers\Npfs.sys - System/Running
NPPTNT2 (NPPTNT2)- \??\C:\WINDOWS\system32\npptNT2.sys - System/Running
Ntfs (Ntfs)- C:\WINDOWS\system32\drivers\Ntfs.sys - Disabled/Running
Null (Null)- C:\WINDOWS\system32\drivers\Null.sys - System/Running
nv (nv)- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - Manual/Running
nvatabus (nvatabus)- C:\WINDOWS\system32\DRIVERS\nvatabus.sys - Boot/Running
NVENETFD (NVIDIA nForce Networking Controller Driver)- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys - Manual/Running
nvnetbus (NVIDIA Network Bus Enumerator)- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys - Manual/Running
NVR0Dev (NVR0Dev)- \??\C:\WINDOWS\nvoclock.sys - Manual/Stopped
NwlnkFlt (IPX Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys - Manual/Stopped
NwlnkFwd (IPX Traffic Forwarder Driver)- C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys - Manual/Stopped
ossrv (Creative OS Services Driver)- C:\WINDOWS\system32\drivers\ctoss2k.sys - Manual/Running
P2k (Motorola USB Device)- C:\WINDOWS\system32\DRIVERS\P2k.sys - Manual/Stopped
Parport (Parallel port driver)- C:\WINDOWS\system32\DRIVERS\parport.sys - Manual/Running
PartMgr (Partition Manager)- C:\WINDOWS\system32\drivers\PartMgr.sys - Boot/Running
ParVdm (ParVdm)- C:\WINDOWS\system32\drivers\ParVdm.sys - Auto/Running
PCI (PCI Bus Driver)- C:\WINDOWS\system32\DRIVERS\pci.sys - Boot/Running
PCIDump (PCIDump)-  - System/Stopped
PCIIde (PCIIde)- C:\WINDOWS\system32\DRIVERS\pciide.sys - Boot/Running
Pcmcia (Pcmcia)- C:\WINDOWS\system32\drivers\Pcmcia.sys - Disabled/Stopped
PDCOMP (PDCOMP)-  - Manual/Stopped
PDFRAME (PDFRAME)-  - Manual/Stopped
PDRELI (PDRELI)-  - Manual/Stopped
PDRFRAME (PDRFRAME)-  - Manual/Stopped
perc2 (perc2)-  - Disabled/Stopped
perc2hib (perc2hib)-  - Disabled/Stopped
PptpMiniport (WAN Miniport (PPTP))- C:\WINDOWS\system32\DRIVERS\raspptp.sys - Manual/Running
Processor (Processor Driver)- C:\WINDOWS\system32\DRIVERS\processr.sys - System/Running
PSched (QoS Packet Scheduler)- C:\WINDOWS\system32\DRIVERS\psched.sys - Manual/Running
Ptilink (Direct Parallel Link Driver)- C:\WINDOWS\system32\DRIVERS\ptilink.sys - Manual/Running
PxHelp20 (PxHelp20)- C:\WINDOWS\system32\Drivers\PxHelp20.sys - Boot/Running
ql1080 (ql1080)-  - Disabled/Stopped
Ql10wnt (Ql10wnt)-  - Disabled/Stopped
ql12160 (ql12160)-  - Disabled/Stopped
ql1240 (ql1240)-  - Disabled/Stopped
ql1280 (ql1280)-  - Disabled/Stopped
RasAcd (Remote Access Auto Connection Driver)- C:\WINDOWS\system32\DRIVERS\rasacd.sys - System/Running
Rasl2tp (WAN Miniport (L2TP))- C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - Manual/Running
RasPppoe (Remote Access PPPOE Driver)- C:\WINDOWS\system32\DRIVERS\raspppoe.sys - Manual/Running
Raspti (Direct Parallel)- C:\WINDOWS\system32\DRIVERS\raspti.sys - Manual/Running
Rdbss (Rdbss)- C:\WINDOWS\system32\DRIVERS\rdbss.sys - System/Running
RDPCDD (RDPCDD)- C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - System/Running
rdpdr (Terminal Server Device Redirector Driver)- C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Manual/Running
RDPWD (RDPWD)- C:\WINDOWS\system32\drivers\RDPWD.sys - Manual/Stopped
redbook (Digital CD Audio Playback Filter Driver)- C:\WINDOWS\system32\DRIVERS\redbook.sys - System/Running
Secdrv (Secdrv)- C:\WINDOWS\system32\DRIVERS\secdrv.sys - Auto/Running
serenum (Serenum Filter Driver)- C:\WINDOWS\system32\DRIVERS\serenum.sys - Manual/Running
Serial (Serial port driver)- C:\WINDOWS\system32\DRIVERS\serial.sys - System/Running
Sfloppy (Sfloppy)- C:\WINDOWS\system32\drivers\Sfloppy.sys - System/Stopped
Simbad (Simbad)-  - Disabled/Stopped
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
sonypvs1 (Sony Digital Imaging Video2)- C:\WINDOWS\system32\DRIVERS\sonypvs1.sys - Manual/Stopped
Sparrow (Sparrow)-  - Disabled/Stopped
splitter (Microsoft Kernel Audio Splitter)- C:\WINDOWS\system32\drivers\splitter.sys - Manual/Stopped
sr (System Restore Filter Driver)- C:\WINDOWS\system32\DRIVERS\sr.sys - Disabled/Stopped
Srv (Srv)- C:\WINDOWS\system32\DRIVERS\srv.sys - Manual/Running
streamip (BDA IPSink)- C:\WINDOWS\system32\DRIVERS\StreamIP.sys - Manual/Stopped
swenum (Software Bus Driver)- C:\WINDOWS\system32\DRIVERS\swenum.sys - Manual/Running
swmidi (Microsoft Kernel GS Wavetable Synthesizer)- C:\WINDOWS\system32\drivers\swmidi.sys - Manual/Stopped
symc810 (symc810)-  - Disabled/Stopped
symc8xx (symc8xx)-  - Disabled/Stopped
SymEvent (SymEvent)- \??\C:\Program Files\Symantec\SYMEVENT.SYS - Manual/Running
sym_hi (sym_hi)-  - Disabled/Stopped
sym_u3 (sym_u3)-  - Disabled/Stopped
sysaudio (Microsoft Kernel System Audio Device)- C:\WINDOWS\system32\drivers\sysaudio.sys - Manual/Running
Tcpip (TCP/IP Protocol Driver)- C:\WINDOWS\system32\DRIVERS\tcpip.sys - System/Running
TDPIPE (TDPIPE)- C:\WINDOWS\system32\drivers\TDPIPE.sys - Manual/Stopped
TDTCP (TDTCP)- C:\WINDOWS\system32\drivers\TDTCP.sys - Manual/Stopped
TermDD (Terminal Device Driver)- C:\WINDOWS\system32\DRIVERS\termdd.sys - System/Running
TosIde (TosIde)-  - Disabled/Stopped
Udfs (Udfs)- C:\WINDOWS\system32\drivers\Udfs.sys - Disabled/Stopped
ultra (ultra)-  - Disabled/Stopped
Update (Microcode Update Driver)- C:\WINDOWS\system32\DRIVERS\update.sys - Manual/Running
usbaudio (USB Audio Driver (WDM))- C:\WINDOWS\system32\drivers\usbaudio.sys - Manual/Stopped
usbccgp (Microsoft USB Generic Parent Driver)- C:\WINDOWS\system32\DRIVERS\usbccgp.sys - Manual/Running
usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver)- C:\WINDOWS\system32\DRIVERS\usbehci.sys - Manual/Running
usbhub (USB2 Enabled Hub)- C:\WINDOWS\system32\DRIVERS\usbhub.sys - Manual/Running
usbohci (Microsoft USB Open Host Controller Miniport Driver)- C:\WINDOWS\system32\DRIVERS\usbohci.sys - Manual/Running
usbprint (Microsoft USB PRINTER Class)- C:\WINDOWS\system32\DRIVERS\usbprint.sys - Manual/Stopped
usbscan (USB Scanner Driver)- C:\WINDOWS\system32\DRIVERS\usbscan.sys - Manual/Stopped
usbser (Motorola USB Modem Driver)- C:\WINDOWS\system32\DRIVERS\usbser.sys - Manual/Stopped
USBSTOR (USB Mass Storage Driver)- C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Manual/Stopped
VgaSave (VGA Display Controller.)- C:\WINDOWS\system32\drivers\vga.sys - System/Running
ViaIde (ViaIde)-  - Disabled/Stopped
VolSnap (VolSnap)- C:\WINDOWS\system32\drivers\VolSnap.sys - Boot/Running
Wanarp (Remote Access IP ARP Driver)- C:\WINDOWS\system32\DRIVERS\wanarp.sys - Manual/Running
WDICA (WDICA)-  - Manual/Stopped
wdmaud (Microsoft WINMM WDM Audio Compatibility Driver)- C:\WINDOWS\system32\drivers\wdmaud.sys - Manual/Running
WmBEnum (Logitech Virtual Bus Enumerator Driver)- C:\WINDOWS\system32\drivers\WmBEnum.sys - Manual/Running
WmVirHid (Logitech Virtual Hid Device Driver)- C:\WINDOWS\system32\drivers\WmVirHid.sys - Manual/Stopped
WmXlCore (Logitech WingMan Translation Layer Driver)- C:\WINDOWS\system32\drivers\WmXlCore.sys - Manual/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped
WSTCODEC (World Standard Teletext Codec)- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS - Manual/Stopped
WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver)- C:\WINDOWS\system32\DRIVERS\WudfPf.sys - Boot/Running
WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector)- C:\WINDOWS\system32\DRIVERS\wudfrd.sys - Manual/Stopped

====== Uninstall List From Registry ======

Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
Windows Driver Package - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0)
Windows Driver Package - MSN (usbccgp) USB  (04/19/2006 1.1.0.2)
Ad-Aware SE Professional
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Photoshop CS2
AnyDVD
Advanced Uninstaller PRO 2006 - version 7
Creative Audio Console
Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
Call of Duty Game of the Year Edition
Windows Driver Package - Nokia Modem  (05/24/2007 6.84.0.1)
CloneDVD2
Comanche 4
Creative Software AutoUpdate
Dell AIO Printer A940
FMS
HijackThis 2.0.2
HP OrderReminder
LaserJet 1018
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Command & Conquer Generals
Age of Empires III - The WarChiefs
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Age of Empires III
NVIDIA nTune
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty - United Offensive
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM)
iPod for Windows 2005-10-12
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Windows Media Format SDK Hotfix - KB891122
Windows Genuine Advantage Validation Tool (KB892130)
Hotfix for Windows Media Format SDK (KB902344)
Microsoft Base Smart Card Cryptographic Service Provider Package
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB913433)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB938464)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
LiveUpdate 1.80 (Symantec Corporation)
Lords of the Realm II
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing
Microsoft .NET Framework 1.1
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU
Mozilla Firefox (3.0.6)
Microsoft Compression Client Pack 1.0 for Windows XP
MSN
Nokia PC Suite
NVIDIA Drivers
PunkBuster Services
SharpDevelop2 2.0.1
Macromedia Flash Player 8
Sierra Utilities
Silkroad
Starcraft
Creative System Information
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Viewpoint Media Player
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.5
Jane's Combat Simulations WWII Fighters
Xfire (remove only)
Yahoo! Toolbar
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Install Manager
Logitech iTouch Software
Battlefield 2(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Command & Conquer Generals
QuickTime
Civilization III
Symantec AntiVirus Client
Nokia Connectivity Cable Driver
AutoUpdate
Sound Blaster X-Fi
Cool & Quiet
Age of Empires III - The WarChiefs
Picture Package
Star Wars Jedi Knight Jedi Academy
Adobe Photoshop CS2
Microsoft MSDN 2005 Express Edition - ENU
FEAR
J2SE Runtime Environment 5.0 Update 6
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Microsoft Visual Basic 2005 Express Edition - ENU
Logitech MouseWare 9.79.1
Sony USB Driver
America's Army
PowerDVD
iTunes
Age of Empires III
LiveUpdate BVRP Software
Adobe Stock Photos 1.0
Ventrilo Client
Windows Live Messenger
DivX
NVIDIA nTune
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Ventrilo Server
MSXML 4.0 SP2 (KB954430)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
DivX Player
Adobe Common File Installer
Logitech Desktop Messenger
Microsoft Office Professional Edition 2003
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Logitech Gaming Software
PC Connectivity Solution
Apple Software Update
Call of Duty - United Offensive
Nokia PC Suite
Adobe Reader 7.1.0
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
Call of Duty(R) - World at War(TM) 1.1 Patch
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
Adobe Bridge 1.0
Company of Heroes
Creative MediaSource 5
MSXML 4.0 SP2 (KB936181)
First Step Guide
Microsoft .NET Framework 1.1
Nero 7 Demo
Motorola Software Update
Call of Duty(R) - World at War(TM)
iPod for Windows 2005-10-12
Diskeeper Professional Edition
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Adobe Help Center 1.0
mobile PhoneTools
ImageMixer VCD2
Realtek AC'97 Audio

======== Other Info ========

TOTAL PHYSICAL RAM: 2147 MB



Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] Popups,Trojan.Vundo andTrojan.Metajuan
« Reply #8 on: March 02, 2009, 10:59:31 AM »
needhelpplz

We still have a little work to do

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

(How to extract (decompress) zipped or compressed files, help in the link here: )
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to Delete:
C:\WINDOWS\system32\9b10ce72-.txt
C:\WINDOWS\system32\aanrdudi.ini
C:\WINDOWS\system32\AKUDeMoq.ini
C:\WINDOWS\system32\AKUDeMoq.ini2
C:\WINDOWS\system32\clwbreib.ini
C:\WINDOWS\system32\cpssagvl.ini
C:\WINDOWS\system32\donbjeph.ini
C:\WINDOWS\system32\fluupgeu.ini
C:\WINDOWS\system32\gmtlrlpd.ini
C:\WINDOWS\system32\higbuwud.ini
C:\WINDOWS\system32\idquccxw.ini
C:\WINDOWS\system32\jrlwqamh.ini
C:\WINDOWS\system32\ldeafgvk.ini
C:\WINDOWS\system32\mphebnqa.ini
C:\WINDOWS\system32\nlymut.dll
C:\WINDOWS\system32\nsnyvxrg.dll
C:\WINDOWS\system32\ojxkxuky.ini
C:\WINDOWS\system32\oyrowwdk.ini
C:\WINDOWS\system32\qmdhubae.ini
C:\WINDOWS\system32\saspabvv.ini
C:\WINDOWS\system32\tvjhdsjh.ini
C:\WINDOWS\system32\wxtrslyl.dll
C:\WINDOWS\system32\xlscftnu.ini


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

2008-2010
Rights cannot exist without morals


Offline needhelpplz

  • Bronze Member
  • 12
Re: [ In Progress ] Popups,Trojan.Vundo andTrojan.Metajuan
« Reply #9 on: March 03, 2009, 10:41:42 PM »
bamajim,

Here is the log you requested.

20:33:07: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\9b10ce72-.txt" deleted successfully.
File "C:\WINDOWS\system32\aanrdudi.ini" deleted successfully.
File "C:\WINDOWS\system32\AKUDeMoq.ini" deleted successfully.
File "C:\WINDOWS\system32\AKUDeMoq.ini2" deleted successfully.
File "C:\WINDOWS\system32\clwbreib.ini" deleted successfully.
File "C:\WINDOWS\system32\cpssagvl.ini" deleted successfully.
File "C:\WINDOWS\system32\donbjeph.ini" deleted successfully.
File "C:\WINDOWS\system32\fluupgeu.ini" deleted successfully.
File "C:\WINDOWS\system32\gmtlrlpd.ini" deleted successfully.
File "C:\WINDOWS\system32\higbuwud.ini" deleted successfully.
File "C:\WINDOWS\system32\idquccxw.ini" deleted successfully.
File "C:\WINDOWS\system32\jrlwqamh.ini" deleted successfully.
File "C:\WINDOWS\system32\ldeafgvk.ini" deleted successfully.
File "C:\WINDOWS\system32\mphebnqa.ini" deleted successfully.
File "C:\WINDOWS\system32\nlymut.dll" deleted successfully.
File "C:\WINDOWS\system32\nsnyvxrg.dll" deleted successfully.
File "C:\WINDOWS\system32\ojxkxuky.ini" deleted successfully.
File "C:\WINDOWS\system32\oyrowwdk.ini" deleted successfully.
File "C:\WINDOWS\system32\qmdhubae.ini" deleted successfully.
File "C:\WINDOWS\system32\saspabvv.ini" deleted successfully.
File "C:\WINDOWS\system32\tvjhdsjh.ini" deleted successfully.
File "C:\WINDOWS\system32\wxtrslyl.dll" deleted successfully.
File "C:\WINDOWS\system32\xlscftnu.ini" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
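
To make this exchange checkable, here is an added example (not from the thread and not part of The Avenger) that parses a script of the form bamajim posted and an Avenger log of the form shown here, confirms each requested deletion, and flags an aborted run like the first attempt above. The sample script and log lines are copied from the thread and trimmed, with one file deliberately left out of the log so the mismatch path is exercised.

```python
"""Cross-check an Avenger run log against the script it was given.

Added example for this thread; it is not part of the forum post and not
code from The Avenger. The sample script and log text are copied from
Reply #8 and Reply #9 and shortened; one deleted file is left out of the
log on purpose so the mismatch path is exercised."""
import re

# Constructed sample: the "Files to Delete:" script from Reply #8, trimmed.
SCRIPT = r"""Files to Delete:
C:\WINDOWS\system32\9b10ce72-.txt
C:\WINDOWS\system32\nlymut.dll
C:\WINDOWS\system32\nsnyvxrg.dll
C:\WINDOWS\system32\wxtrslyl.dll
"""

# Constructed sample: the successful run from Reply #9, trimmed, with
# wxtrslyl.dll deliberately missing from the confirmations.
RUN_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46
Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\9b10ce72-.txt" deleted successfully.
File "C:\WINDOWS\system32\nlymut.dll" deleted successfully.
File "C:\WINDOWS\system32\nsnyvxrg.dll" deleted successfully.

Completed script processing.
"""

# Constructed sample: the aborted first attempt shown at the top of Reply #9.
ABORTED_LOG = """20:33:07: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!
"""

DELETED_RE = re.compile(r'^File "(.+?)" deleted successfully\.$', re.MULTILINE)


def parse_script(text):
    """Split an Avenger script into {directive: [entries]}.

    Mirrors the tool's own rule seen in the aborted log: the first
    non-blank line must be a directive such as "Files to Delete:".
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("script must begin with a command directive")
        else:
            sections[current].append(line)
    return sections


def check_run(script_text, log_text):
    """Report which requested deletions the log confirms and which it does not."""
    if "Aborting execution!" in log_text:
        return {"status": "aborted", "confirmed": [], "missing": [],
                "rootkit_scan_clean": False}
    requested = parse_script(script_text).get("Files to Delete", [])
    # Windows paths are case-insensitive, so compare in lower case.
    deleted = {p.lower() for p in DELETED_RE.findall(log_text)}
    confirmed = [p for p in requested if p.lower() in deleted]
    missing = [p for p in requested if p.lower() not in deleted]
    finished = "Completed script processing." in log_text
    status = "complete" if finished and not missing else "incomplete"
    return {"status": status, "confirmed": confirmed, "missing": missing,
            "rootkit_scan_clean": "No rootkits found!" in log_text}


if __name__ == "__main__":
    for name, log in (("aborted run", ABORTED_LOG), ("second run", RUN_LOG)):
        report = check_run(SCRIPT, log)
        print(f"{name}: {report['status']}; "
              f"{len(report['confirmed'])} confirmed, missing: {report['missing']}")
```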


Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] Popups,Trojan.Vundo andTrojan.Metajuan
« Reply #10 on: March 04, 2009, 09:36:49 AM »
needhelpplz

Good work.

Rerun Hijackthis and post a fresh Hijackthis log.

And in your reply tell me how your PC is running now.

2008-2010
Rights cannot exist without morals


Offline needhelpplz

  • Bronze Member
  • 12
Re: [ In Progress ] Popups,Trojan.Vundo andTrojan.Metajuan
« Reply #11 on: March 04, 2009, 05:21:17 PM »
Hi Bamajim,

My PC seems to be working well. I would like to thank you for all the help you gave me. SpywareHammer Rocks!!!

Thank you again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:01 PM, on 3/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - AppInit_DLLs: imcoxi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

--
End of file - 7653 bytes

Offline bamajim

  • Administrator
  • Platinum Member
  • 3116
Re: [ In Progress ] Popups,Trojan.Vundo andTrojan.Metajuan
« Reply #12 on: March 05, 2009, 09:04:05 PM »
needhelpplz

Glad to hear it. And you are most welcome.

Just one item to fix

1. Rerun Hijackthis (scan only) and place checks beside the following entries

O20 - AppInit_DLLs: imcoxi.dll

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:

Let's create a clean System Restore point
the instructions are here

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of
Java Runtime Environment (JRE) 6.u11.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis

To a disc or a USB key, not your hard drive

You may want to read this article "So how did I get infected in the first place" by Tony Klein

surf safe

2008-2010
Rights cannot exist without morals
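The last item bamajim flags above is an O20 AppInit_DLLs entry, a value that is normally empty on a workstation and that loads the named DLL into every process linking user32.dll. The following is an added example, not code from this thread or from HijackThis: it parses HijackThis log lines, reports any AppInit_DLLs value for review, and, when run on Windows, can read the live registry value so you can confirm the "Fix checked" step actually cleared it. The sample log lines are constructed from the log posted in this thread; the registry path is the real AppInit_DLLs location.

```python
import re

# One HijackThis entry line, e.g. "O20 - AppInit_DLLs: imcoxi.dll"
HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<detail>.+)$")

# Real location of the value HijackThis reports as O20.
APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"


def parse_hjt(log_text):
    """Return (section, detail) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return entries


def appinit_dlls(entries):
    """Return the DLL names listed in O20 AppInit_DLLs entries (empty when clean).

    The value may hold several names separated by spaces or commas.
    """
    dlls = []
    for section, detail in entries:
        if section == "O20" and detail.startswith("AppInit_DLLs:"):
            value = detail.split(":", 1)[1].strip()
            dlls.extend(d for d in re.split(r"[ ,]+", value) if d)
    return dlls


def live_appinit_dlls():
    """Read the current AppInit_DLLs value from the registry (Windows only).

    Returns None when winreg is unavailable, so the check is skipped elsewhere.
    """
    try:
        import winreg
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY) as key:
        value, _ = winreg.QueryValueEx(key, "AppInit_DLLs")
    return [d for d in re.split(r"[ ,]+", value.strip()) if d]


# Constructed sample: three lines taken from the log posted above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [zBrowser Launcher] C:\\Program Files\\Logitech\\iTouch\\iTouch.exe
O20 - AppInit_DLLs: imcoxi.dll
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""
```

Run `appinit_dlls(parse_hjt(SAMPLE_LOG))` on the sample to see `imcoxi.dll` reported; after the fix and reboot, a fresh log (or `live_appinit_dlls()` on the machine) should return an empty list.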