Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

29th October 2008   #1
mr deeboy (Member)
Join Date: Oct 2008
Posts: 2
Computer Experience: Intermediate

[InActive] Can't remove Trojan horse bho.x

I have a Trojan horse bho.x and I can't remove it.
I've tried Ad-Aware, Kaspersky, McAfee, SpywareStop, you name it. I have AVG, which found the Trojan. I can't delete it, as it said access denied.

It is located at: C:\windows\system32\iprtrmg.dll

In my HijackThis log the Trojan is on the 5th line of the O2 section:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:48, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\ePM\EPM-DM.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {88BD51F3-93E0-460E-BDCC-968060534FCF} - C:\WINDOWS\system32\iprtrmg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata...SUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 8781 bytes

Thx for any help
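Triage logic for the O2 section of a log like the one above, added here as an example; it is not code from this thread, from HijackThis or from RSIT. The sample lines are copied from the logs posted in this thread (the "(file missing)" variant is how the later RSIT log shows the same entry); the function names and the two heuristics (no friendly name, DLL dropped straight into system32) are my own assumptions, not HijackThis rules.

```python
"""Triage the O2 (Browser Helper Object) lines of a HijackThis log.

Added example for this thread; it is not part of HijackThis, RSIT or
WindowsBBS. Names such as triage() and classify() are my own. The two
heuristics come from the entry discussed in the thread: a BHO with no
friendly name whose DLL sits directly in %SystemRoot%\\system32 deserves a
closer look, and an entry tagged "(file missing)" is an orphaned
registration (CLSID still registered, DLL already gone).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: O2 lines copied from the two logs posted in this thread,
# plus the "(file missing)" variant that the later RSIT log shows, and one
# non-O2 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {88BD51F3-93E0-460E-BDCC-968060534FCF} - C:\WINDOWS\system32\iprtrmg.dll
O2 - BHO: (no name) - {88BD51F3-93E0-460E-BDCC-968060534FCF} - C:\WINDOWS\system32\iprtrmg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# Shape of one entry: "O2 - BHO: <name> - <CLSID or placeholder> - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<key>\S+) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?\s*$"
)
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# A DLL directly inside <drive>:\WINDOWS\system32 (no deeper subfolder).
SYSTEM32_DLL_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass
class BhoEntry:
    name: str
    key: str            # CLSID, or a placeholder such as AutorunsDisabled
    path: str
    file_missing: bool
    verdict: str        # "ok", "review", "suspicious", "orphaned" or "placeholder"
    reasons: List[str]


def classify(name: str, key: str, path: str, missing: bool) -> Tuple[str, List[str]]:
    """Apply the thread's heuristics to one parsed O2 entry."""
    if not CLSID_RE.match(key) or path == "(no file)":
        return "placeholder", ["no CLSID or no file (e.g. an Autoruns-disabled stub)"]
    if missing:
        return "orphaned", ["CLSID still registered but the DLL is gone; clean up the registry key"]
    reasons = []
    if name == "(no name)":
        reasons.append("no friendly name registered")
    if SYSTEM32_DLL_RE.match(path):
        reasons.append("BHO DLL dropped directly into system32 instead of Program Files")
    verdict = {0: "ok", 1: "review", 2: "suspicious"}[len(reasons)]
    return verdict, reasons


def parse_o2_line(line: str) -> Optional[BhoEntry]:
    """Parse one log line; returns None for anything that is not an O2 entry."""
    m = O2_RE.match(line.strip())
    if m is None:
        return None
    name, key, path = m.group("name"), m.group("key"), m.group("path")
    missing = m.group("missing") is not None
    verdict, reasons = classify(name, key, path, missing)
    return BhoEntry(name, key, path, missing, verdict, reasons)


def triage(log_text: str) -> List[BhoEntry]:
    """Return every O2 entry of a HijackThis log, in log order, with a verdict."""
    parsed = (parse_o2_line(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.verdict:<11} {entry.key:<40} {entry.path}")
        for reason in entry.reasons:
            print(f"            - {reason}")
```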

30th October 2008   #2
noahdfear (Staff)
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+


Welcome to WindowsBBS mr deeboy

Let's use another tool to see if it has friends, which will help us determine just what method of removal might be best.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool.
  • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of log.txt here in your next reply.

8th November 2008   #3
mr deeboy (Member)
Join Date: Oct 2008
Posts: 2
Computer Experience: Intermediate


Can't remove trojan horse bho.x

Hi,

I followed your directions and this is my log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by LIZY at 2008-11-08 00:57:04
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 5 MB (0%) free of 18 GB
Total RAM: 239 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:40, on 08/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\ePM\EPM-DM.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LIZY\My Documents\My Received Files\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LIZY.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {88BD51F3-93E0-460E-BDCC-968060534FCF} - C:\WINDOWS\system32\iprtrmg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata...SUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 8882 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{97DEBB88-10CF-4834-9644-625BA1AF37C1}.job
C:\WINDOWS\tasks\SpywareStop Scheduled Scan.job
C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-03 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88BD51F3-93E0-460E-BDCC-968060534FCF}]
C:\WINDOWS\system32\iprtrmg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-14 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-14 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"wltray.exe"=C:\WINDOWS\system32\wltray.exe [2005-01-29 696422]
"SoundMan"=SOUNDMAN.EXE []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-08-12 102400]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-08-12 684032]
"EPM-DM"=C:\Acer\ePM\EPM-DM.exe [2004-10-27 163840]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2004-11-02 2884096]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-03 185872]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-04 405583]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\forsinit]
C:\WINDOWS\sprscore.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2003-10-02 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2003-10-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
C:\Program Files\RegClean\RegClean.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareStop]
C:\Program Files\SpywareStop\SpywareStop.exe [2008-08-21 7763184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winxld]
C:\Program Files\XSoft\xworking\xld.exe a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^LIZY^Start Menu^Programs^Startup^Search Bar.lnk]
C:\PROGRA~1\DEVICE~1\BIBLEL~1\SEARCH~1.EXE [2008-01-26 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLTRYSVC"=2
"WLSetupSvc"=3
"ose"=3
"gusvc"=3
"LIVESRV"=2
"XCOMM"=2
"odserv"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\LIZY\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxsrvc.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\kav\kis7.0\english\setup.exe"="C:\kav\kis7.0\english\setup.exe:*:Disabled:Kaspersky Internet Security 7.0 Setup"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3611cb08-cfa0-11dc-b2ad-0016e3b48814}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0f3c78-fcb1-11db-b219-000fb07fc62b}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0f3c79-fcb1-11db-b219-000fb07fc62b}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0f3c7a-fcb1-11db-b219-000fb07fc62b}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0f3c7b-fcb1-11db-b219-000fb07fc62b}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0f3c7c-fcb1-11db-b219-000fb07fc62b}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0f3c7d-fcb1-11db-b219-000fb07fc62b}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d81f9c3c-9156-11dc-b28d-000fb07fc62b}]
shell\Auto\command - adp.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe


======List of files/folders created in the last 3 months======

2008-11-08 00:57:04 ----D---- C:\rsit
2008-10-30 00:53:38 ----SHD---- C:\FOUND.006
2008-10-30 00:47:32 ----A---- C:\WINDOWS\gmer.ini
2008-10-30 00:47:24 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-30 00:47:23 ----A---- C:\WINDOWS\gmer.dll
2008-10-30 00:47:22 ----A---- C:\WINDOWS\gmer.exe
2008-10-29 23:43:46 ----D---- C:\Documents and Settings\LIZY\Application Data\Flock
2008-10-29 23:36:51 ----D---- C:\Program Files\Flock
2008-10-29 12:51:16 ----D---- C:\Program Files\Trend Micro
2008-10-29 12:32:30 ----D---- C:\Documents and Settings\LIZY\Application Data\AdwareAlert
2008-10-29 11:39:03 ----D---- C:\Program Files\Innovative Solutions
2008-10-29 10:53:15 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-29 10:52:57 ----D---- C:\Program Files\Security Task Manager
2008-10-26 01:38:34 ----SHD---- C:\FOUND.005
2008-10-25 13:28:30 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 17:33:38 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-17 17:33:30 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-17 17:33:18 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-17 17:31:24 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-17 17:30:48 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 18:48:01 ----D---- C:\Documents and Settings\LIZY\Application Data\WinRAR
2008-10-13 18:47:22 ----D---- C:\Program Files\WinRAR
2008-10-13 18:13:57 ----D---- C:\Program Files\Common Files\Nullsoft
2008-10-10 16:49:22 ----SHD---- C:\FOUND.004
2008-10-06 21:02:21 ----A---- C:\Documents and Settings\LIZY\Application Data\BonsaiErrorLog.txt
2008-10-04 21:48:20 ----D---- C:\Documents and Settings\LIZY\Application Data\Bamzooki
2008-10-03 21:37:38 ----D---- C:\Program Files\Common Files\xing shared
2008-10-03 21:36:46 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-03 21:36:10 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-03 21:36:09 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-03 21:36:01 ----D---- C:\Program Files\Real
2008-09-30 18:59:57 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-14 21:39:55 ----D---- C:\Program Files\Sun
2008-09-14 21:39:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-14 21:39:20 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-14 21:39:20 ----A---- C:\WINDOWS\system32\java.exe
2008-09-14 21:37:21 ----D---- C:\Program Files\Java
2008-09-14 21:36:22 ----D---- C:\Program Files\Common Files\Java
2008-09-14 21:14:07 ----D---- C:\Program Files\Curt Hubbard
2008-09-14 20:39:29 ----D---- C:\Program Files\Unlocker
2008-09-13 21:55:51 ----HD---- C:\$AVG8.VAULT$
2008-09-13 21:52:42 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-09-13 21:52:02 ----D---- C:\Program Files\AVG
2008-09-13 21:52:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-13 21:44:26 ----SHD---- C:\FOUND.003
2008-09-13 19:18:50 ----HD---- C:\WINDOWS\PIF
2008-09-13 00:29:45 ----D---- C:\WINDOWS\TEMP
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\wltrysvc.exe
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\PlugPlayPCIDevice.exe
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\bcmwlu00.exe
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\bcmwltry.exe
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\bcmwlhom.ini
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\bcmwlhom.exe
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\bcmwld2k.exe
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\AegisI5.exe
2008-09-12 00:38:25 ----N---- C:\WINDOWS\system32\AegisE5.dll
2008-09-12 00:38:25 ----D---- C:\Program Files\BT Voyager
2008-09-12 00:38:25 ----A---- C:\WINDOWS\system32\ssleay32.dll
2008-09-12 00:38:25 ----A---- C:\WINDOWS\system32\libeay32.dll
2008-09-11 19:14:42 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 22:08:56 ----A---- C:\WINDOWS\system32\Codejock.CommandBars.9700.ocx
2008-09-10 22:08:53 ----A---- C:\WINDOWS\system32\ciaXPRegSvr20.dll
2008-09-10 22:08:44 ----A---- C:\WINDOWS\system32\ciaSCls20.dll
2008-09-10 22:08:43 ----A---- C:\WINDOWS\system32\ciaResSvr20.dll
2008-09-10 22:08:38 ----A---- C:\WINDOWS\system32\ijl15.dll
2008-09-10 22:08:37 ----A---- C:\WINDOWS\system32\duzactx.dll
2008-09-10 22:08:33 ----A---- C:\WINDOWS\system32\wodPop3.dll
2008-09-10 22:08:31 ----A---- C:\WINDOWS\system32\wodSmtp.dll
2008-09-10 20:34:12 ----A---- C:\WINDOWS\system32\winxtm.dll
2008-09-09 23:52:00 ----SHD---- C:\FOUND.002
2008-09-08 21:46:03 ----HD---- C:\WINDOWS\$NtUninstallWIC$
2008-09-08 21:45:53 ----D---- C:\Program Files\MSXML 6.0
2008-09-08 21:39:50 ----RHD---- C:\AHCache
2008-09-08 20:47:30 ----D---- C:\Acer
2008-09-08 20:47:30 ----A---- C:\WINDOWS\system32\Epm-Po.dll
2008-09-08 20:29:07 ----D---- C:\Program Files\Synaptics
2008-09-08 20:29:07 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2008-09-08 20:29:07 ----A---- C:\WINDOWS\system32\SynTPCoI.dll
2008-09-08 20:29:07 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2008-09-08 20:29:07 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2008-09-08 20:29:07 ----A---- C:\WINDOWS\system32\SynCOM.dll
2008-09-08 19:30:11 ----D---- C:\Program Files\PC Drivers HeadQuarters
2008-09-08 19:30:11 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-08 19:23:07 ----RSD---- C:\WINDOWS\assembly
2008-09-08 19:21:38 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-08 19:06:12 ----D---- C:\Documents and Settings\LIZY\Application Data\Uniblue
2008-09-08 18:33:27 ----D---- C:\Program Files\MP3 Rocket
2008-09-06 23:24:58 ----A---- C:\WINDOWS\bdagent.INI
2008-09-06 22:47:18 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-05 18:19:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-04 16:54:29 ----D---- C:\Documents and Settings\LIZY\Application Data\SpywareStop
2008-09-04 16:54:14 ----D---- C:\Program Files\SpywareStop
2008-09-04 16:43:34 ----D---- C:\Documents and Settings\LIZY\Application Data\RegClean
2008-09-04 16:29:52 ----SHD---- C:\FOUND.001
2008-09-02 14:09:10 ----SHD---- C:\FOUND.000
2008-09-02 13:41:47 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-09-01 22:44:53 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-01 20:16:29 ----D---- C:\Documents and Settings\LIZY\Application Data\Cashfiesta
2008-08-31 15:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-31 15:47:35 ----D---- C:\Documents and Settings\LIZY\Application Data\MP3Rocket
2008-08-30 18:22:54 ----D---- C:\Program Files\Realtek Sound Manager
2008-08-30 18:22:48 ----D---- C:\Program Files\AvRack
2008-08-30 18:22:45 ----A---- C:\WINDOWS\system32\Audio3D.dll
2008-08-30 18:22:44 ----N---- C:\WINDOWS\system32\ChCfg.exe
2008-08-30 18:22:44 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2008-08-30 18:22:44 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2008-08-30 18:22:41 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2008-08-30 18:22:36 ----N---- C:\WINDOWS\alcupd.exe
2008-08-30 18:22:36 ----N---- C:\WINDOWS\alcrmv.exe
2008-08-30 01:37:38 ----D---- C:\Program Files\Windows Live
2008-08-30 00:41:20 ----N---- C:\WINDOWS\avrack.ini
2008-08-30 00:34:32 ----D---- C:\WINDOWS\system32\Lang
2008-08-29 23:46:35 ----A---- C:\WINDOWS\system32\XceedZip.dll
2008-08-23 02:48:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-14 17:40:59 ----D---- C:\WINDOWS\system32\Adobe
2008-08-14 03:39:54 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 03:39:49 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 03:39:42 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 03:39:11 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 03:35:59 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 03:35:48 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 03:33:29 ----HD---- C:\WINDOWS\$NtUninstallKB951066$

======List of files/folders modified in the last 3 months======

2008-10-30 00:57:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-29 12:13:12 ----RASH---- C:\BOOT.INI
2008-10-29 12:13:12 ----A---- C:\WINDOWS\win.ini
2008-10-29 12:13:12 ----A---- C:\WINDOWS\system.ini
2008-10-28 19:52:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-26 01:02:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-17 17:33:42 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 17:57:56 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 21:36:02 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-03 21:36:02 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-03 21:36:00 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-03 18:41:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-12 00:37:42 ----A---- C:\WINDOWS\system32\results.txt
2008-08-30 21:41:44 ----A---- C:\WINDOWS\RtlRack.ini
2008-08-27 09:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 08:24:32 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 08:24:32 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 08:24:32 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 08:24:30 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 08:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 09:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 09:38:00 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 06:54:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-14 11:00:46 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-13 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-13 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-25 17801]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-13 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.7; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-09-12 15781]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2004-10-05 6912]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-08-09 70144]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-08-12 185664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
S2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys []
S3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-10-08 33847]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\drivers\AgereSoftModem.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-09-22 338176]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-30 85969]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-02 88960]
S3 iadusb;BT Voyager 205 ADSL Router; C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-07-25 30371]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2007-02-15 19840]
S3 USB_RNDIS;BT Voyager 1055 Laptop Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys []
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-06 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-13 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-13 231704]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-14 138168]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\wltrysvc.exe [2004-09-22 45056]

-----------------EOF-----------------

Thanks for any help given.

Old 8th November 2008   #4
Member
BudTheGrey
Join Date: Jul 2007
Posts: 1
Computer Experience: Experienced

Quote:
I have a trojan horse bho.x and I can't remove it.
I've tried Ad-Aware, Kaspersky, McAfee, SpywareStop, you name it. I have AVG, which found the trojan. I can't delete it as it said access denied.
Have you tried running AVG from safe mode? That invokes the command line AVG scanner. I've had pretty good luck with that method.

Old 8th November 2008   #5
Staff
noahdfear
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+

I see that you have posted for help with this on 2 other forums.

http://www.computing.net/answers/sec...hox/23703.html
http://forums.techguy.org/malware-re...jan-horse.html

Please post back to those topics and let them know you are receiving assistance here.

Please download Flash_Disinfector by sUBs and save it to your desktop:

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.
  • Plug in your USB flash drive.
  • Double-click Flash_Disinfector.exe to run it.
  • Follow any prompts that may appear.
  • Your desktop will vanish for a while, and then reappear. This is normal.
  • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


Next, download ComboFix by sUBs from here, saving the file to your desktop.


Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
  • Close all open programs and windows
  • Double click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
