
Infected w/ antivirus xp pro 2009 and other malware


6 replies to this topic

#1 ASR-10 (Members, 4 posts)

Posted 21 March 2009 - 08:20 PM

I need help...
So I was first (or still am) infected with Antivirus XP Pro 2009 and followed the whole Malwarebytes Anti-Malware procedure described in the removal instructions, but I'm still seeing symptoms of infection of some kind. Now if my computer is idle for more than 30 minutes it restarts by itself constantly, and my wireless connection gives out after about 15 minutes once restarted, even though the wireless router and NIC are absolutely fine. Please help, thanks.

Here's my DDS log, and my Attach log is attached:


DDS (Ver_09-03-16.01) - NTFSx86
Run by MC at 17:50:26.04 on Sat 03/21/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1315 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\tdctxte.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\wuauclt.exe
\\?\globalroot\systemroot\system32\gldx.exe
C:\Documents and Settings\MC\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
{5700eb54-b42a-4f37-8635-e644a2b6fde9}
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
{9722a032-0ba4-4d84-a523-0c31b2412fed}
BHO: {03844d37-fd9e-e329-3944-229217c1ea0a}: {a0ae1c71-2922-4493-923e-e9df73d44830} - c:\windows\system32\mbfllj.dll
{a8056a53-f60f-420f-9659-81d6666723e1}
BHO: {aa65ab92-275a-4d94-a61d-050e6e4bbcc3} - c:\windows\system32\gejaneme.dll
{ab240e84-dea7-4d0f-8e8e-7fce12bd11c2}
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Orb] c:\program files\orb networks\orb\bin\OrbTray.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CellVision WLAN Monitor] c:\program files\airlink101\wlan monitor\WLANmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [nwiz] nwiz.exe /install
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [zayotejizi] Rundll32.exe "c:\windows\system32\winusime.dll",s
mRun: [Ckumo] rundll32.exe "c:\windows\Bdohedakokoxev.dll",e
mRun: [Kkahene] rundll32.exe "c:\windows\iloludosayeroxeh.dll",e
mRun: [84fae851] rundll32.exe "c:\windows\system32\jeyanoyu.dll",b
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe
dRun: [A00FE5475.exe] c:\windows\temp\_A00FE5475.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Download All Files by HiDownload - c:\program files\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - c:\program files\hidownload\hidownload.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: winamp.com\www
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180725578015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: __c007C43E - c:\windows\system32\__c007C43E.dat
AppInit_DLLs: alsnoe.dll,c:\windows\system32\tuhuguhi.dll mbfllj.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\tuhuguhi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mc\applic~1\mozilla\firefox\profiles\j7zms8d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\mc\application data\mozilla\firefox\profiles\j7zms8d6.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
FF - HiddenExtension: XUL Cache: {BBF40E96-4A1C-42E1-96C2-7ABCA2BDFC19} - c:\documents and settings\mc\local settings\application data\{bbf40e96-4a1c-42e1-96c2-7abca2bdfc19}\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2007-6-2 15872]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 NVHelper;NVHelper;c:\windows\system32\drivers\nvHelper.sys [2007-11-6 111689]
R2 softyinforwow1;.Freame Micer;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2006-2-28 48128]
R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2006-2-28 171520]
R3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2004-7-28 395616]
S0 vkxzrvnk;vkxzrvnk;c:\windows\system32\drivers\hximqkqp.sys []
S2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe [2006-2-28 176128]
S2 mabidwe;mabidwe Service;c:\windows\system32\mabidwe.exe [2006-2-28 176640]
S3 ap1394;ap1394;c:\windows\system32\ap1394.sys [2006-2-28 2304]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2007-6-2 74752]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2007-5-10 35712]

============== File Associations ===============

txtfile="c:\windows\system32\nxtepad.exe" "%1"

=============== Created Last 30 ================

2009-03-21 17:50 24,576 a------- c:\windows\system32\__c007C43E.dat
2009-03-21 17:50 35,840 a------- c:\windows\system32\gldx.exe
2009-03-21 17:48 132,608 a------- c:\windows\iloludosayeroxeh.dll
2009-03-21 17:36 1,790,776 ---sh--- c:\windows\system32\uyonayej.ini
2009-03-19 02:04 124,928 a--sh--- c:\windows\system32\mbfllj.dll
2009-03-18 07:32 40,448 a------- c:\windows\system32\KuzSmall.exe
2009-03-18 07:17 42,496 a------- c:\windows\Bdohedakokoxev.dll
2009-03-18 07:17 42,496 a------- c:\windows\system32\kuzSniper.exe
2009-03-18 07:02 124,928 a--sh--- c:\windows\system32\jbvwhg.dll
2009-03-17 18:00 121 ---sh--- c:\windows\system32\utelaral.ini
2009-03-17 17:01 124,928 a--sh--- c:\windows\system32\khocff.dll
2009-03-17 12:26 47,616 a------- c:\windows\system32\ptch238120.exe
2009-03-12 09:54 75,264 a------- c:\windows\system32\MPh.exe
2009-03-11 19:42 456,734 a------- c:\windows\system32\mschr.exe
2009-03-11 19:42 36,864 a------- c:\windows\system32\nDler.exe
2009-03-05 14:03 44,032 a------- c:\windows\system32\kjsvc32.dll
2009-03-05 09:18 44,032 a------- c:\windows\system32\kmsvc32.dll
2009-03-05 09:18 100 a------- c:\windows\system32\wh
2009-03-03 12:58 30,208 a------- c:\windows\system32\1000.exe
2009-03-01 18:18 <DIR> --d----- C:\Downloads
2009-03-01 15:50 230 a------- c:\windows\system32\spupdsvc.inf
2009-02-28 05:08 65 a------- c:\windows\system32\stgh.bat
2009-02-28 03:08 71 a------- c:\windows\system32\work.ini
2009-02-28 03:08 227 a------- c:\windows\system32\hgset.ini
2009-02-28 03:08 90,112 a------- c:\windows\system32\20092832.dll
2009-02-28 03:08 77,824 a------- c:\windows\system32\u22899326.dll
2009-02-28 03:08 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-28 03:08 388,608 a------- c:\windows\system32\tmpxccacj0.exe
2009-02-28 03:07 196 a------- c:\windows\system32\xcchit32.ini
2009-02-28 03:07 598 a------- c:\windows\xccwinsys.ini
2009-02-28 03:07 <DIR> --d----- c:\windows\system32\inf
2009-02-28 03:07 155,175 a------- c:\windows\system32\icv.exe

==================== Find3M ====================

2009-03-21 17:36 79,872 a--sh--- c:\windows\system32\bihorugi.dll
2009-03-19 16:04 79,872 a--sh--- c:\windows\system32\buloreke.dll
2009-03-19 02:04 124,928 a--sh--- c:\windows\system32\bijukotu.dll
2009-03-19 02:04 79,872 a--sh--- c:\windows\system32\jeyanoyu.dll
2009-03-18 07:02 124,928 a--sh--- c:\windows\system32\wapifiwa.dll
2009-03-18 07:02 79,872 a--sh--- c:\windows\system32\pemivubu.dll
2009-03-17 17:01 79,872 a--sh--- c:\windows\system32\laraletu.dll
2009-03-17 17:01 124,928 a--sh--- c:\windows\system32\liwinise.dll
2009-02-17 16:22 104,960 a------- c:\windows\system32\userinit.exe
2009-02-12 10:29 84,992 a------- c:\windows\system32\qspcuyeu.dll
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-15 01:17 22,328 ac------ c:\docume~1\mc\applic~1\PnkBstrK.sys
2008-04-09 23:45 87,608 ac------ c:\docume~1\mc\applic~1\inst.exe
2008-04-09 23:45 47,360 ac------ c:\docume~1\mc\applic~1\pcouffin.sys
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\gejaneme.dll
0000-00-00 00:00 124,928 a--sh--- c:\windows\system32\hovutale.dll
0000-00-00 00:00 124,928 a--sh--- c:\windows\system32\jajulaze.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\tuhuguhi.dll
0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\winusime.dll

============= FINISH: 17:52:07.78 ===============

Attached Files




#2 Thunder (Members, 3,294 posts, Belgium)

Posted 24 March 2009 - 05:03 PM

Hello ASR-10 and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (it can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

If ComboFix does run its full circle, then please try to install Avira AntiVir as well, update it and run a full system scan.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 ASR-10 (Topic Starter, Members, 4 posts)

Posted 25 March 2009 - 01:10 AM

Thanks Thun-dog!

Here is my GooredFix log:

GooredFix v1.92 by jpshortstuff
Log created at 22:03 on 24/03/2009 running Option #2 (MC)
Firefox version 3.0.6 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{BBF40E96-4A1C-42E1-96C2-7ABCA2BDFC19}"="C:\Documents and Settings\MC\Local Settings\Application Data\{BBF40E96-4A1C-42E1-96C2-7ABCA2BDFC19}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\MC\Local Settings\Application Data\{BBF40E96-4A1C-42E1-96C2-7ABCA2BDFC19}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{735F6811-A4DF-4549-AC0C-37A76F28EC9B}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


Here is my ComboFix log:

ComboFix 09-03-23.01 - MC 2009-03-24 22:44:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1803 [GMT -7:00]
Running from: c:\documents and settings\MC\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MC\Application Data\inst.exe
c:\windows\Bdohedakokoxev.dll
c:\windows\Install.txt
c:\windows\system32\__c007C43E.dat
c:\windows\system32\1000.exe
c:\windows\system32\20092832.dll
c:\windows\system32\afisicx.exe
c:\windows\system32\bijukotu.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekakdsffypu.sys
c:\windows\system32\dunulaju.dll
c:\windows\system32\dxonool32.sys
c:\windows\system32\hndcavbs.ini
c:\windows\system32\hovutale.dll
c:\windows\system32\hupebogi.dll
c:\windows\system32\jajulaze.dll
c:\windows\system32\jbvwhg.dll
c:\windows\system32\jggaytfh.ini
c:\windows\system32\khocff.dll
c:\windows\system32\legpbujv.ini
c:\windows\system32\liwinise.dll
c:\windows\system32\mabidwe.exe
c:\windows\system32\mbfllj.dll
c:\windows\system32\nrquspti.ini
c:\windows\system32\peptfvrk.ini
c:\windows\system32\senekaforyguum.dll
c:\windows\system32\senekafuwbpjdu.db
c:\windows\system32\senekaiqxdmapa.dll
c:\windows\system32\senekalynayrgi.dll
c:\windows\system32\senekaqdybviof.dll
c:\windows\system32\senekatmayqsnv.dat
c:\windows\system32\senekawscfprgb.dat
c:\windows\system32\slrytqdr.ini
c:\windows\system32\sopidkc.exe
c:\windows\system32\tmpxccacj0.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\tuhuguhi.dll
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe
c:\windows\system32\utelaral.ini
c:\windows\system32\uyonayej.ini
c:\windows\system32\vfkyfgsn.ini
c:\windows\system32\wapifiwa.dll
c:\windows\system32\wepekigi.dll
c:\windows\system32\wevbkxoy.ini
c:\windows\system32\win32hlp.cnf
c:\windows\system32\xcchit32.ini
c:\windows\system32\xrxphoxk.ini
c:\windows\system32\yehikufu.dll
c:\windows\system32\yvyffiop.ini
c:\windows\xccwinsys.ini

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe


c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_6TO4
-------\Legacy_AFISICX
-------\Legacy_DEFAULTLIB
-------\Legacy_MABIDWE
-------\Legacy_SOFTYINFORWOW1
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_afisicx
-------\Service_mabidwe
-------\Service_softyinforwow1
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-21 17:50 . 2009-03-21 17:50 35,840 --a------ c:\windows\system32\gldx.exe
2009-03-21 17:48 . 2009-03-21 17:48 132,608 --a------ c:\windows\iloludosayeroxeh.dll
2009-03-18 07:32 . 2009-03-18 07:32 40,448 --a------ c:\windows\system32\KuzSmall.exe
2009-03-18 07:17 . 2009-03-18 07:17 42,496 --a------ c:\windows\system32\kuzSniper.exe
2009-03-17 12:26 . 2009-03-17 12:26 47,616 --a------ c:\windows\system32\ptch238120.exe
2009-03-12 09:54 . 2009-03-12 09:54 75,264 --a------ c:\windows\system32\MPh.exe
2009-03-11 19:42 . 2009-03-12 14:38 456,734 --a------ c:\windows\system32\mschr.exe
2009-03-11 19:42 . 2009-03-12 14:38 36,864 --a------ c:\windows\system32\nDler.exe
2009-03-05 14:03 . 2009-03-06 08:59 44,032 --a------ c:\windows\system32\kjsvc32.dll
2009-03-05 09:18 . 2009-03-06 13:43 44,032 --a------ c:\windows\system32\kmsvc32.dll
2009-03-05 09:18 . 2009-03-06 13:43 100 --a------ c:\windows\system32\wh
2009-03-03 13:00 . 2009-03-03 13:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\MySpace
2009-03-01 18:18 . 2009-03-22 14:32 <DIR> d-------- C:\Downloads
2009-03-01 18:07 . 2009-03-01 18:08 <DIR> d-------- c:\documents and settings\MC\Application Data\Winamp
2009-03-01 15:50 . 2009-03-01 15:50 230 --a------ c:\windows\system32\spupdsvc.inf
2009-02-28 05:08 . 2009-02-28 05:08 65 --a------ c:\windows\system32\stgh.bat
2009-02-28 03:08 . 2002-02-15 15:02 676,352 --a------ c:\windows\system32\rtl60.bpl
2009-02-28 03:08 . 2009-02-28 03:08 77,824 --a------ c:\windows\system32\u22899326.dll
2009-02-28 03:08 . 2009-02-28 22:00 227 --a------ c:\windows\system32\hgset.ini
2009-02-28 03:08 . 2009-02-28 03:08 71 --a------ c:\windows\system32\work.ini
2009-02-28 03:07 . 2009-03-01 01:54 <DIR> d-------- c:\windows\system32\inf
2009-02-28 03:07 . 2009-02-28 03:07 155,175 --a------ c:\windows\system32\icv.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 03:30 --------- d-----w c:\program files\Soulseek
2009-03-04 13:17 --------- d-----w c:\program files\Propellerhead
2009-03-02 04:20 --------- d-----w c:\documents and settings\MC\Application Data\Vso
2009-03-02 01:08 --------- d-----w c:\program files\Winamp
2009-02-22 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-02-19 06:22 --------- d-----w c:\program files\Common Files\Ahead
2009-02-19 05:12 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-19 05:12 --------- d-----w c:\documents and settings\MC\Application Data\Malwarebytes
2009-02-19 05:11 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 08:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 07:54 --------- d-----w c:\program files\Trend Micro
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-30 04:22 --------- d-----w c:\program files\iTunes
2009-01-30 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 04:21 --------- d-----w c:\program files\iPod
2009-01-30 04:21 --------- d-----w c:\program files\Common Files\Apple
2009-01-30 04:16 --------- d-----w c:\program files\QuickTime
2008-10-15 08:17 22,328 -c--a-w c:\documents and settings\MC\Application Data\PnkBstrK.sys
2008-04-10 06:45 47,360 -c--a-w c:\documents and settings\MC\Application Data\pcouffin.sys
2008-04-25 21:32 5,817,064 ----a-w c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
1601-01-01 00:12 47,616 --sha-w c:\windows\system32\gejaneme.dll
1601-01-01 00:12 47,616 --sha-w c:\windows\system32\winusime.dll
.

------- Sigcheck -------

2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2007-07-27 23:14 502272 6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa65ab92-275a-4d94-a61d-050e6e4bbcc3}]
47616 --ahs---- c:\windows\system32\gejaneme.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2007-12-17 471040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-10 41984]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-08 53340]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2005-04-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-03 180269]
"CellVision WLAN Monitor"="c:\program files\AirLink101\WLAN Monitor\WLANmon.exe" [2004-07-20 741376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 258134]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2005-07-20 690176]
"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2006-06-08 422029]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"zayotejizi"="c:\windows\system32\winusime.dll" [ 47616]
"Kkahene"="c:\windows\iloludosayeroxeh.dll" [2009-03-21 132608]
"84fae851"="c:\windows\system32\jeyanoyu.dll" [2009-03-19 79872]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Java S1"="\\?\globalroot\systemroot\system32\mschr.exe" [?]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-03-14 2756608]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI5"= diomidi.dll
"wave5"= Digi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\tuhuguhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\hiphophead206\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\hiphophead206\\condition zero\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\hiphophead206\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15473:TCP"= 15473:TCP:BitComet 15473 TCP
"15473:UDP"= 15473:UDP:BitComet 15473 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9948:TCP"= 9948:TCP:BitComet 9948 TCP
"9948:UDP"= 9948:UDP:BitComet 9948 UDP

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2007-06-02 15872]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-02-11 16640]
R1 NVHelper;NVHelper;c:\windows\system32\drivers\nvHelper.sys [2007-11-06 111689]
R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2006-02-28 171520]
R3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2004-07-28 395616]
S0 vkxzrvnk;vkxzrvnk;c:\windows\system32\drivers\hximqkqp.sys []
S3 ap1394;ap1394;c:\windows\system32\ap1394.sys [2006-02-28 2304]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2007-06-02 74752]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2007-05-10 35712]
.
Contents of the 'Scheduled Tasks' folder

2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5700EB54-B42A-4F37-8635-E644A2B6FDE9} - (no file)
BHO-{9722A032-0BA4-4D84-A523-0C31B2412FED} - (no file)
BHO-{a0ae1c71-2922-4493-923e-e9df73d44830} - c:\windows\system32\mbfllj.dll
BHO-{A8056A53-F60F-420F-9659-81D6666723E1} - (no file)
BHO-{AB240E84-DEA7-4D0F-8E8E-7FCE12BD11C2} - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKU-Default-Run-A00FE5475.exe - c:\windows\TEMP\_A00FE5475.exe
Notify-__c007C43E - c:\windows\system32\__c007C43E.dat


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: winamp.com\www
FF - ProfilePath - c:\documents and settings\MC\Application Data\Mozilla\Firefox\Profiles\j7zms8d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\MC\Application Data\Mozilla\Firefox\Profiles\j7zms8d6.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 22:52:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\hximqkqp.sys 25088 bytes executable
c:\windows\system32\tpszxyd.sys 214016 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1417001333-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e8,bc,f3,d1,f4,3b,a8,87,01,d7,2d,11,77,1b,a1,04,b4,51,72,76,28,69,f2,
49,f8,b4,b2,c7,f1,7f,5a,04,1a,63,4c,24,41,0a,6d,29,a8,36,9f,21,3e,94,56,40,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1957994488-1417001333-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:7c,6f,05,df,12,8f,e1,e9,33,ed,86,d4,6f,2b,c1,df,ca,fe,a8,02,c3,
15,f4,46,91,2f,73,0e,bc,0b,f3,f4,6a,ea,eb,73,fd,91,4a,64,d0,05,e0,2f,2a,98,\
"rkeysecu"=hex:1b,40,f4,1d,c3,a4,f5,d3,b6,c2,f1,1c,67,57,82,ba

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVidia Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Orb Networks\Orb\bin\Orb.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-24 23:02:10 - machine was rebooted [MC]
ComboFix-quarantined-files.txt 2009-03-25 06:02:07

Pre-Run: 266,076,160 bytes free
Post-Run: 283,303,936 bytes free

324 --- E O F --- 2009-02-12 00:59:11

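The ComboFix registry dump above is worth reading as a defence-evasion checklist rather than as noise: every Image File Execution Options key with a "Debugger" value redirects a named antivirus executable (ashDisp.exe, avesvc.exe, bdmcon.exe, DefWatch.exe ...) to c:\windows\system32\alg.exe, so starting that product runs something else instead; the LSA "Notification Packages" value has an unknown DLL (tuhuguhi.dll) appended after scecli, which gets loaded into lsass.exe; the Windows Firewall profile is switched off with notifications suppressed; Security Center update notifications are disabled; and the catchme scan plus the "S0 vkxzrvnk ... []" driver line with no file metadata point at a hidden kernel driver. The CFScript in the next reply removes the driver and the files but does not touch the IFEO keys, and the ComboFix log posted after it still lists them. As an added example for this thread (it is not part of the original posts, of ComboFix, or of DDS), the Python below reads a ComboFix-style "Reg Loading Points" excerpt and flags exactly those indicators. The sample text is constructed from the log lines quoted above; the set of expected LSA notification packages ({scecli, rassfm}) and the finding category names are assumptions of the example.

```python
"""Scan a ComboFix-style registry dump for the indicators seen in this thread.

Added example for this thread; not part of ComboFix, DDS or the original posts.
The sample text is constructed from the log lines quoted in the thread."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category detail")

# Constructed sample: a cut-down copy of the 'Reg Loading Points' block above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\tuhuguhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2006-02-28 171520]
R3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2004-07-28 395616]
S0 vkxzrvnk;vkxzrvnk;c:\windows\system32\drivers\hximqkqp.sys []
"""

IFEO_MARK = "\\image file execution options\\"
# Assumption: on a stock XP box only these LSA notification packages are expected.
DEFAULT_NOTIFY_PKGS = {"scecli", "rassfm"}
# Service/driver line: "<start> <name>;<description>;<path> [<date size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(\S.*?)\s+\[(.*)\]\s*$")


def scan(log_text):
    """Return a list of Finding(category, detail) for the suspicious entries."""
    findings = []
    key = ""  # registry key the following value lines belong to (lower-cased)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            start, name, _desc, path, meta = svc.groups()
            # ComboFix prints [] when it could not stat the file: hidden or deleted.
            if meta.strip() == "":
                findings.append(Finding("hidden-driver",
                                        f"{start} {name}: {path} has no file metadata"))
            continue
        low = line.lower()
        if IFEO_MARK in key and low.startswith('"debugger"='):
            # IFEO Debugger: launching <target> runs <debugger> instead of it.
            target = key.rsplit("\\", 1)[-1]
            debugger = line.split("=", 1)[1].strip()
            findings.append(Finding("ifeo-hijack", f"{target} -> {debugger}"))
        elif key.endswith("\\control\\lsa") and low.startswith("notification packages"):
            # Every listed DLL is loaded into lsass.exe and sees password changes.
            for pkg in line.split("REG_MULTI_SZ", 1)[1].split():
                if pkg.lower() not in DEFAULT_NOTIFY_PKGS:
                    findings.append(Finding("lsa-notify-pkg", pkg))
        elif "firewallpolicy" in key and low.startswith('"enablefirewall"'):
            if re.search(r"=\s*0\b", line):
                findings.append(Finding("firewall-off", key.rsplit("\\", 1)[-1]))
        elif key.endswith("\\security center") and "disablenotify" in low:
            if low.endswith("dword:00000001"):
                findings.append(Finding("sc-notify-off", line.split("=", 1)[0].strip('"')))
        elif key.endswith("\\globallyopenports\\list"):
            findings.append(Finding("open-port", line.split("=", 1)[0].strip('"')))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.category:16} {f.detail}")
```

Run it on the full "Reg Loading Points" block of a ComboFix log and it returns one finding per hijacked executable, one per unexpected LSA package, and one per driver ComboFix could not stat; legitimate entries such as the N3AB wireless driver produce nothing. On a live XP host the same values can be confirmed with regedit under the keys named in the dump.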
#4 Thunder
Members, 3,294 posts, Location: Belgium

Posted 25 March 2009 - 02:41 PM

Hello ASR-10,

To be honest, a format would do more good here.
Any reason why there's no active antivirus program running ?

If you really want to pursue this :
Let's clean up some more :

Open Notepad - don't use any other texteditor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty notepad window:

Collect::
c:\windows\system32\gldx.exe
c:\windows\iloludosayeroxeh.dll
c:\windows\system32\KuzSmall.exe
c:\windows\system32\kuzSniper.exe
c:\windows\system32\ptch238120.exe
c:\windows\system32\MPh.exe
c:\windows\system32\mschr.exe
c:\windows\system32\nDler.exe
c:\windows\system32\kjsvc32.dll
c:\windows\system32\kmsvc32.dll
c:\windows\system32\wh
c:\windows\system32\stgh.bat
c:\windows\system32\rtl60.bpl
c:\windows\system32\u22899326.dll
c:\windows\system32\hgset.ini
c:\windows\system32\work.ini
c:\windows\system32\icv.exe
c:\windows\system32\gejaneme.dll
c:\windows\system32\winusime.dll
c:\windows\system32\tdctxte.exe
c:\windows\system32\ap1394.sys
c:\windows\system32\drivers\hximqkqp.sys
c:\windows\system32\tpszxyd.sys
Folder::
c:\windows\system32\inf
Driver::
tdctxte
vkxzrvnk
ap1394
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa65ab92-275a-4d94-a61d-050e6e4bbcc3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zayotejizi"=-
"Kkahene"=-
"84fae851"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Java S1"=-

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot]

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

Additionally, ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Please go to http://www.bleepingcomputer.com/submit-malware.php?channel=9
Then : 1. In the first window (Link to topic where this file was requested:) copy and paste this link :
http://www.bleepingcomputer.com/forums/topic=212926
2. In the second window (Browse to the file you want to submit: )
browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
3. Click the Send file button
Now install Avira Antivir (free version) and let it run a full system scan.
Post the resulting log as well.

Still having problems ?

Greetings,
Thunder

#5 ASR-10 (Topic Starter)
Members, 4 posts

Posted 25 March 2009 - 11:21 PM

Things are better... no more restarts or network problems. But is it that bad that I have to format?

Here's my DDS:


DDS (Ver_09-03-16.01) - NTFSx86
Run by MC at 21:16:42.00 on Wed 03/25/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1462 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Orb] c:\program files\orb networks\orb\bin\OrbTray.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [CellVision WLAN Monitor] c:\program files\airlink101\wlan monitor\WLANmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Download All Files by HiDownload - c:\program files\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - c:\program files\hidownload\hidownload.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: winamp.com\www
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180725578015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mc\applic~1\mozilla\firefox\profiles\j7zms8d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\mc\application data\mozilla\firefox\profiles\j7zms8d6.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
FF - HiddenExtension: XUL Cache: {83EE446F-8913-438E-B091-3B5770CCEF27} - c:\documents and settings\mc\local settings\application data\{83EE446F-8913-438E-B091-3B5770CCEF27}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2007-6-2 15872]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-25 11608]
R1 NVHelper;NVHelper;c:\windows\system32\drivers\nvHelper.sys [2007-11-6 111689]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-25 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-25 55640]
R3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2004-7-28 395616]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2007-6-2 74752]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2007-5-10 35712]

=============== Created Last 30 ================

2009-03-25 04:05 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-25 04:05 <DIR> --d----- c:\program files\Avira
2009-03-25 04:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-03-24 22:32 <DIR> --dshr-- C:\cmdcons
2009-03-24 22:32 <DIR> --d----- c:\windows\setupupd
2009-03-24 22:25 161,792 a------- c:\windows\SWREG.exe
2009-03-24 22:25 98,816 a------- c:\windows\sed.exe
2009-03-01 18:18 <DIR> --d----- C:\Downloads
2009-03-01 15:50 230 a------- c:\windows\system32\spupdsvc.inf

==================== Find3M ====================

2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-15 01:17 22,328 ac------ c:\docume~1\mc\applic~1\PnkBstrK.sys
2008-04-09 23:45 47,360 ac------ c:\docume~1\mc\applic~1\pcouffin.sys

============= FINISH: 21:16:54.57 ===============


Here's the ComboFix:


ComboFix 09-03-25.02 - MC 2009-03-25 20:47:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1506 [GMT -7:00]
Running from: c:\documents and settings\MC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MC\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\system32\afisicx.exe
c:\windows\system32\ap1394.sys
c:\windows\system32\comsa32.sys
c:\windows\system32\dxonool32.sys
c:\windows\system32\hgset.ini
c:\windows\system32\inf
c:\windows\system32\iwuzefum.ini
c:\windows\system32\kjsvc32.dll
c:\windows\system32\kmsvc32.dll
c:\windows\system32\rtl60.bpl
c:\windows\system32\sopidkc.exe
c:\windows\system32\stgh.bat
c:\windows\system32\tdctxte.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\uyonayej.ini
c:\windows\system32\wh
c:\windows\system32\work.ini

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_AP1394
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE
-------\Legacy_VKXZRVNK
-------\Service_afisicx
-------\Service_ap1394
-------\Service_sopidkc
-------\Service_tdctxte
-------\Service_vkxzrvnk


((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-25 04:05 . 2009-03-25 04:05 <DIR> d-------- c:\program files\Avira
2009-03-25 04:05 . 2009-03-25 04:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-25 04:05 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-01 18:18 . 2009-03-24 23:12 <DIR> d-------- C:\Downloads
2009-03-01 18:07 . 2009-03-01 18:08 <DIR> d-------- c:\documents and settings\MC\Application Data\Winamp
2009-03-01 15:50 . 2009-03-01 15:50 230 --a------ c:\windows\system32\spupdsvc.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 03:30 --------- d-----w c:\program files\Soulseek
2009-03-04 13:17 --------- d-----w c:\program files\Propellerhead
2009-03-02 04:20 --------- d-----w c:\documents and settings\MC\Application Data\Vso
2009-03-02 01:08 --------- d-----w c:\program files\Winamp
2009-02-22 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-02-19 06:22 --------- d-----w c:\program files\Common Files\Ahead
2009-02-19 05:12 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-19 05:12 --------- d-----w c:\documents and settings\MC\Application Data\Malwarebytes
2009-02-19 05:11 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 08:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 07:54 --------- d-----w c:\program files\Trend Micro
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-30 04:22 --------- d-----w c:\program files\iTunes
2009-01-30 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 04:21 --------- d-----w c:\program files\iPod
2009-01-30 04:21 --------- d-----w c:\program files\Common Files\Apple
2009-01-30 04:16 --------- d-----w c:\program files\QuickTime
2008-10-15 08:17 22,328 -c--a-w c:\documents and settings\MC\Application Data\PnkBstrK.sys
2008-04-10 06:45 47,360 -c--a-w c:\documents and settings\MC\Application Data\pcouffin.sys
2008-04-25 21:32 5,817,064 ----a-w c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

------- Sigcheck -------

2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2007-07-27 23:14 502272 6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-24_23.00.53.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-13 18:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2009-02-13 18:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2009-02-13 21:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2009-02-13 18:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2009-03-26 03:53:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2009-03-26 03:54:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_74c.dat
+ 2008-07-29 15:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 10:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 15:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 15:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 13:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 15:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 15:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2007-11-07 09:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2007-12-17 471040]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-10 41984]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-08 53340]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2005-04-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-03 180269]
"CellVision WLAN Monitor"="c:\program files\AirLink101\WLAN Monitor\WLANmon.exe" [2004-07-20 741376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 258134]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2005-07-20 690176]
"Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2006-06-08 422029]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-18 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-03-14 2756608]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI5"= diomidi.dll
"wave5"= Digi32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\hiphophead206\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\hiphophead206\\condition zero\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\hiphophead206\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\dvd43\\DVD43_Tray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15473:TCP"= 15473:TCP:BitComet 15473 TCP
"15473:UDP"= 15473:UDP:BitComet 15473 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9948:TCP"= 9948:TCP:BitComet 9948 TCP
"9948:UDP"= 9948:UDP:BitComet 9948 UDP

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2007-06-02 15872]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-02-11 16640]
R1 NVHelper;NVHelper;c:\windows\system32\drivers\nvHelper.sys [2007-11-06 111689]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-25 108289]
R3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2004-07-28 395616]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2007-06-02 74752]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2007-05-10 35712]
.
Contents of the 'Scheduled Tasks' folder

2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5fcae9bc-b089-4df6-af37-56e191c14722} - c:\windows\system32\tpiabd.dll
BHO-{aa65ab92-275a-4d94-a61d-050e6e4bbcc3} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: winamp.com\www
FF - ProfilePath - c:\documents and settings\MC\Application Data\Mozilla\Firefox\Profiles\j7zms8d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\MC\Application Data\Mozilla\Firefox\Profiles\j7zms8d6.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 20:55:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1417001333-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e8,bc,f3,d1,f4,3b,a8,87,01,d7,2d,11,77,1b,a1,04,b4,51,72,76,28,69,f2,
49,f8,b4,b2,c7,f1,7f,5a,04,1a,63,4c,24,41,0a,6d,29,a8,36,9f,21,3e,94,56,40,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1957994488-1417001333-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:7c,6f,05,df,12,8f,e1,e9,33,ed,86,d4,6f,2b,c1,df,ca,fe,a8,02,c3,
15,f4,46,91,2f,73,0e,bc,0b,f3,f4,6a,ea,eb,73,fd,91,4a,64,d0,05,e0,2f,2a,98,\
"rkeysecu"=hex:1b,40,f4,1d,c3,a4,f5,d3,b6,c2,f1,1c,67,57,82,ba

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVidia Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Orb Networks\Orb\bin\Orb.exe
.
**************************************************************************
.
Completion time: 2009-03-25 21:02:07 - machine was rebooted [MC]
ComboFix-quarantined-files.txt 2009-03-26 04:02:05
ComboFix2.txt 2009-03-25 06:02:11

Pre-Run: 1,907,138,560 bytes free
Post-Run: 1,897,684,992 bytes free

284 --- E O F --- 2009-02-12 00:59:11

here's the Avira antivirus log:

Avira AntiVir Personal
Report file date: Wednesday, March 25, 2009 12:00

Scanning for 1316767 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : 206-NETBOX

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 3/24/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 19:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 17:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 18:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 17:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 19:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 03:33:26
ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 3/22/2009 11:08:40
ANTIVIR3.VDF : 7.1.2.213 80384 Bytes 3/25/2009 11:08:41
Engineversion : 8.2.0.126
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/28/2009 00:36:42
AESCRIPT.DLL : 8.1.1.67 364923 Bytes 3/25/2009 11:08:59
AESCN.DLL : 8.1.1.8 127346 Bytes 3/25/2009 11:08:57
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 01:24:41
AEPACK.DLL : 8.1.3.11 397687 Bytes 3/25/2009 11:08:56
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 03:01:56
AEHEUR.DLL : 8.1.0.111 1679736 Bytes 3/25/2009 11:08:53
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 03:01:56
AEGEN.DLL : 8.1.1.30 336245 Bytes 3/25/2009 11:08:43
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 21:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 21:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 21:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 15:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 17:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 21:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 17:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 2/9/2009 14:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 17:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 22:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 15:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 17:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 18:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 22:55:12

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:, F:, G:, I:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, March 25, 2009 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'Orb.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'OrbTray.exe' - '1' Module(s) have been scanned
Scan process 'DTProAgent.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AutoUpdate.exe' - '1' Module(s) have been scanned
Scan process 'DVD43_Tray.exe' - '1' Module(s) have been scanned
Scan process 'BtTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WlanMon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'CTSched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
Scan process 'BsHelpCS.exe' - '1' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'tdctxte.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sopidkc.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'MMERefresh.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'BlueSoleilCS.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'afisicx.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
62 processes with 62 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
C:\WINDOWS\iloludosayeroxeh.dll
[DETECTION] Is the TR/Dldr.Agent.boak Trojan
C:\WINDOWS\system32\mschr.exe
[DETECTION] Is the TR/Agent.at.56 Trojan

The registry was scanned ( '71' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IRCcrt1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\MC\Desktop\Just Got\115fixv1.zip
[0] Archive type: ZIP
--> 115FixV1/load.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Documents and Settings\MC\Desktop\Just Got\HSB4a-full.exe.part
[0] Archive type: NSIS
--> Settings/hdn_stalkyard.nav
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Common Files\Digidesign\DAE\Plug-Ins\VocALignLE.dpm
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Program Files\DAEMON Tools Pro\daemon.tools.pro.patch.exe
[DETECTION] Is the TR/Agent.620544.A Trojan
C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\LG.Software.Innovations.Generic.Patch.v0.1-ICU.exe
[DETECTION] Is the TR/Delf.bur.1 Trojan
C:\Program Files\Starcraft\load.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\Bdohedakokoxev.dll.vir
[DETECTION] Is the TR/Dldr.Agent.boai Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\1000.exe.vir
[DETECTION] Is the TR/Dldr.Agent.bjsk Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\20092832.dll.vir
[DETECTION] Is the TR/PSW.Wow.fqh.3 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bijukotu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dunulaju.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dxonool32.sys.vir
[DETECTION] Is the TR/VB.ljv Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hovutale.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hupebogi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jajulaze.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jbvwhg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\khocff.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\liwinise.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mbfllj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaforyguum.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.hcq root kit
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekalynayrgi.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaqdybviof.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sopidkc.exe.vir
[DETECTION] Is the TR/Agent2.enz Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpszxyd.sys.vir
[DETECTION] Is the TR/Refpron.M.70 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuhuguhi.dll.vir
[DETECTION] Is the TR/Stuh.JG Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wapifiwa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wepekigi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yehikufu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\_twex_.exe.zip
[0] Archive type: ZIP
--> twex.exe
[DETECTION] Is the TR/Spy.ZBot.tx.2 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c007C43E.dat.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\___c007C43E_.dat.zip
[0] Archive type: ZIP
--> __c007C43E.dat
[DETECTION] Is the TR/Vundo.BR.1 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\seneka.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekakdsffypu.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088415.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088416.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088417.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088418.dll
[DETECTION] Contains recognition pattern of the RKIT/Agent.hcq root kit
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088441.sys
[DETECTION] Is the TR/VB.ljv Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088443.exe
[DETECTION] Is the TR/Agent2.enz Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088444.sys
[DETECTION] Is the TR/Refpron.M.70 Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088451.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088453.dll
[DETECTION] Is the TR/Dldr.Agent.boai Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088454.exe
[DETECTION] Is the TR/Dldr.Agent.bjsk Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088455.dll
[DETECTION] Is the TR/PSW.Wow.fqh.3 Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088456.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088457.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088459.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088460.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088461.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088462.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088464.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088466.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088467.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088471.dll
[DETECTION] Is the TR/Stuh.JG Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088475.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088476.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088479.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088481.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088482.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0089487.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP771\A0089509.dll
[DETECTION] Is the TR/Stuh.JG Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP771\A0089511.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP771\A0089512.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\iloludosayeroxeh.dll
[DETECTION] Is the TR/Dldr.Agent.boak Trojan
C:\WINDOWS\LOOP.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\bihorugi.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\buloreke.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\fesisone.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\gejaneme.dll
[DETECTION] Is the TR/Stuh.JG Trojan
C:\WINDOWS\system32\gldx.exe
[DETECTION] Is the TR/Agent2.gbf Trojan
C:\WINDOWS\system32\icv.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\KuzSmall.exe
[DETECTION] Is the TR/Dldr.Agent.bmhl Trojan
C:\WINDOWS\system32\kuzSniper.exe
[DETECTION] Is the TR/Dldr.Agent.boai Trojan
C:\WINDOWS\system32\lebobofu.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\lujisosa.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\MPh.exe
[DETECTION] Is the TR/Spy.ZBot.tx.2 Trojan
C:\WINDOWS\system32\mschr.exe
[DETECTION] Is the TR/Agent.at.56 Trojan
C:\WINDOWS\system32\msrstart.exe
[DETECTION] Is the TR/Dldr.Elly.H Trojan
C:\WINDOWS\system32\nDler.exe
[DETECTION] Is the TR/Dldr.VB.lav Trojan
C:\WINDOWS\system32\nxtepad.exe
[DETECTION] Is the TR/Dldr.Elly.H Trojan
C:\WINDOWS\system32\pemivubu.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\ptch238120.exe
[DETECTION] Is the TR/Stuh.JG Trojan
C:\WINDOWS\system32\qspcuyeu.dll
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\WINDOWS\system32\rijavuza.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\tpiabd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\u22899326.dll
[DETECTION] Is the TR/PSW.OnlineGames.bkvv.2 Trojan
C:\WINDOWS\system32\umtcdtw.sys
[DETECTION] Is the TR/Agent2.exd Trojan
C:\WINDOWS\system32\zanasawe.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\69AQ8XUI\chinappi2[1].exe
[DETECTION] Is the TR/PSW.OnlineGames.bkvv Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\69AQ8XUI\first179[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\69AQ8XUI\ldr[2].exe
[DETECTION] Is the TR/Agent.at.56 Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7400STAO\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7400STAO\zango[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V73W95OW\bb021908[1].exe
[0] Archive type: RAR SFX (self extracting)
--> afisicx.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> tpszxyd.sys
[DETECTION] Is the TR/Drop.Agent.oij Trojan
--> w.exe
[DETECTION] Is the TR/Drop.Agent.oij Trojan
--> umtcdtw.sys
[DETECTION] Is the TR/Agent2.eng Trojan
--> sopidkc.exe
[DETECTION] Is the TR/Agent2.enz Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V73W95OW\zha[1].exe
[DETECTION] Is the TR/Agent.btpk.2 Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XKLQIX5P\chinappi[1].exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.Wow.fqh.3 Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'
E:\777.htm
[DETECTION] Is the TR/HTML.Starter.A Trojan
E:\vbsys2.dll
[DETECTION] Is the TR/Click.Agent.AC Trojan
E:\Documents and Settings\LocalService\Desktop\install.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\q44g1ijv.default\Cache\7C9E2C57d01
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\Documents and Settings\MC\Local Settings\Temp\arctic-loop.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\Documents and Settings\MC\Local Settings\Temp\nsl26F3.tmp
[0] Archive type: NSIS
--> [WindowsDir]/inst_65.exe
[DETECTION] Is the TR/Dldr.VB.QL.4 Trojan
E:\Documents and Settings\MC\Local Settings\Temp\uvcwzwsj.exe
[DETECTION] Is the TR/Spy.Gen Trojan
E:\Documents and Settings\MC\My Documents\DL's\S2k.7.1.plus\setup.exe
[DETECTION] Is the TR/Renaz.5120202 Trojan
E:\Documents and Settings\MC\My Documents\DL's\Serials 2000 7.1 Plus\Add-on\UnSEU2.exe
[DETECTION] Is the TR/Agent.92640.A Trojan
E:\Program Files\FruityLoops 3.4\wotnrt32.dll
[DETECTION] Is the TR/Drop.Small.aad.3 Trojan
E:\System Volume Information\_restore{DB0D3154-119F-4886-A04D-4EC493703AE0}\RP302\A0054871.exe
[0] Archive type: RAR SFX (self extracting)
[DETECTION] Contains recognition pattern of the DR/Virtumonde.IF dropper
--> keygen.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> crack.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> serial.exe
[DETECTION] Contains recognition pattern of the DR/Shelled.Gen dropper
E:\System Volume Information\_restore{DB0D3154-119F-4886-A04D-4EC493703AE0}\RP302\A0054872.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\System Volume Information\_restore{DB0D3154-119F-4886-A04D-4EC493703AE0}\RP302\A0054875.exe
[DETECTION] Contains recognition pattern of the DR/Shelled.Gen dropper
E:\WINDOWS\LOOP.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
E:\WINDOWS\system32\chkdisk.exe
[DETECTION] Is the TR/Agent.aff.6 Trojan
Begin scan in 'F:\'
F:\Program Files\McAfee Security Suite 2006 ISO\McAfee Security Suite 2006\Acroread\enu\rp500enu.exe
[0] Archive type: CAB SFX (self extracting)
--> \_user1.hdr
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
F:\Program Files(Audio)\Acid Pro 4.0 keygenerator.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'G:\'
Begin scan in 'I:\'
I:\Downloads\Daemon-Tools-Pro-Advanced-4.10.0218+patch\Patch\daemon.tools.pro.patch.exe
[DETECTION] Is the TR/Agent.620544.A Trojan
I:\Downloads\Google.Earth.Pro.4.1.7087\Crack.exe
[DETECTION] Is the TR/Agent.bcz.9 Trojan
I:\Drumkits\HipHop.Tools.Mad.Fx.WAV-DViSO\dv-htmf.r05
[0] Archive type: RAR
--> dv-htmf.cue
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
I:\Drumkits\HipHop.Tools.Urban.Warfare.WAV-DViSO\dv-htuw.r04
[0] Archive type: RAR
--> dv-htuw.cue
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
I:\Music\Ice_Cube-Do_Ya_Thang-Promo_CDR-2008-ZzZz\01 - Ice Cube - Do Ya Thang (Clean).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\Music\Ice_Cube-Do_Ya_Thang-Promo_CDR-2008-ZzZz\02 - Ice Cube - Do Ya Thang (Dirty).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\Music\Ice_Cube-Do_Ya_Thang-Promo_CDR-2008-ZzZz\03 - Ice Cube - Do Ya Thang (Instrumental).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\Music\Kanye West Fast_Forward 2008\06-kanye_west-lollipop_(feat_lil_wayne)-cr.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
C:\WINDOWS\iloludosayeroxeh.dll
[DETECTION] Is the TR/Dldr.Agent.boak Trojan
[NOTE] The file was moved to '4a39b693.qua'!
C:\WINDOWS\system32\mschr.exe
[DETECTION] Is the TR/Agent.at.56 Trojan
[NOTE] The file was moved to '4a2db69a.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IRCcrt1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a0db679.qua'!
C:\Documents and Settings\MC\Desktop\Just Got\115fixv1.zip
[NOTE] The file was moved to '49ffb658.qua'!
C:\Program Files\Common Files\Digidesign\DAE\Plug-Ins\VocALignLE.dpm
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a2db696.qua'!
C:\Program Files\DAEMON Tools Pro\daemon.tools.pro.patch.exe
[DETECTION] Is the TR/Agent.620544.A Trojan
[NOTE] The file was moved to '4a2fb689.qua'!
C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\LG.Software.Innovations.Generic.Patch.v0.1-ICU.exe
[DETECTION] Is the TR/Delf.bur.1 Trojan
[NOTE] The file was moved to '49f8b66f.qua'!
C:\Program Files\Starcraft\load.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4a2bb697.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\Bdohedakokoxev.dll.vir
[DETECTION] Is the TR/Dldr.Agent.boai Trojan
[NOTE] The file was moved to '4a39b68c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\1000.exe.vir
[DETECTION] Is the TR/Dldr.Agent.bjsk Trojan
[NOTE] The file was moved to '49fab658.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\20092832.dll.vir
[DETECTION] Is the TR/PSW.Wow.fqh.3 Trojan
[NOTE] The file was moved to '49fab659.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bijukotu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a34b692.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dunulaju.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a38b69e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dxonool32.sys.vir
[DETECTION] Is the TR/VB.ljv Trojan
[NOTE] The file was moved to '4a39b6a1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hovutale.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a40b698.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hupebogi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a3ab69e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jajulaze.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a34b68a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jbvwhg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a40b68b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\khocff.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a39b692.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\liwinise.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a41b693.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mbfllj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a30b68c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaforyguum.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.hcq root kit
[NOTE] The file was moved to '4a38b68f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekalynayrgi.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '4965d318.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaqdybviof.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4966dbc0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sopidkc.exe.vir
[DETECTION] Is the TR/Agent2.enz Trojan
[NOTE] The file was moved to '4a3ab699.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpszxyd.sys.vir
[DETECTION] Is the TR/Refpron.M.70 Trojan
[NOTE] The file was moved to '4a3db69a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuhuguhi.dll.vir
[DETECTION] Is the TR/Stuh.JG Trojan
[NOTE] The file was moved to '4a32b69f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a2fb69d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wapifiwa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a3ab68c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wepekigi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a3ab690.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yehikufu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a32b690.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\_twex_.exe.zip
[NOTE] The file was moved to '4a41b69f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c007C43E.dat.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4a2db68a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\___c007C43E_.dat.zip
[NOTE] The file was moved to '4a29b68a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\seneka.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
[NOTE] The file was moved to '4a38b690.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekakdsffypu.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
[NOTE] The file was moved to '4c8d8b09.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088415.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
[NOTE] The file was moved to '49fab65c.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088416.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '4f6dd5ed.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088417.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4f499855.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088418.dll
[DETECTION] Contains recognition pattern of the RKIT/Agent.hcq root kit
[NOTE] The file was moved to '4f4cf33d.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088441.sys
[DETECTION] Is the TR/VB.ljv Trojan
[NOTE] The file was moved to '4f4dfb75.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088443.exe
[DETECTION] Is the TR/Agent2.enz Trojan
[NOTE] The file was moved to '4f42e2ad.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088444.sys
[DETECTION] Is the TR/Refpron.M.70 Trojan
[NOTE] The file was moved to '4f43eae5.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088451.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
[NOTE] The file was moved to '4a8a4f3d.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088453.dll
[DETECTION] Is the TR/Dldr.Agent.boai Trojan
[NOTE] The file was moved to '49fab65d.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088454.exe
[DETECTION] Is the TR/Dldr.Agent.bjsk Trojan
[NOTE] The file was moved to '4f46c24e.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088455.dll
[DETECTION] Is the TR/PSW.Wow.fqh.3 Trojan
[NOTE] The file was moved to '4f47cd86.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088456.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f4435fe.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088457.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f453d36.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088459.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f3a256e.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088460.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f3b2df6.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088461.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f38152e.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088462.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f391d66.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088464.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f3e055e.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088466.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f3f0c96.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088467.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f3c74ce.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088471.dll
[DETECTION] Is the TR/Stuh.JG Trojan
[NOTE] The file was moved to '4f3d7c06.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088475.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f32647e.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088476.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f336fb6.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088479.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49fab65e.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088481.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4f315f27.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088482.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4f36471f.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0089487.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f374f57.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP771\A0089509.dll
[DETECTION] Is the TR/Stuh.JG Trojan
[NOTE] The file was moved to '4f35b68f.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP771\A0089511.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f2abec7.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP771\A0089512.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4f2ba63f.qua'!
C:\WINDOWS\iloludosayeroxeh.dll
[DETECTION] Is the TR/Dldr.Agent.boak Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\LOOP.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a19b695.qua'!
C:\WINDOWS\system32\bihorugi.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a32b6af.qua'!
C:\WINDOWS\system32\buloreke.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a36b6bb.qua'!
C:\WINDOWS\system32\fesisone.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a3db6ac.qua'!
C:\WINDOWS\system32\gejaneme.dll
[DETECTION] Is the TR/Stuh.JG Trojan
[NOTE] The file was moved to '4a34b6ac.qua'!
C:\WINDOWS\system32\gldx.exe
[DETECTION] Is the TR/Agent2.gbf Trojan
[NOTE] The file was moved to '4a2eb6b3.qua'!
C:\WINDOWS\system32\icv.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a40b6aa.qua'!
C:\WINDOWS\system32\KuzSmall.exe
[DETECTION] Is the TR/Dldr.Agent.bmhl Trojan
[NOTE] The file was moved to '4a44b6bc.qua'!
C:\WINDOWS\system32\kuzSniper.exe
[DETECTION] Is the TR/Dldr.Agent.boai Trojan
[NOTE] The file was moved to '4d81346d.qua'!
C:\WINDOWS\system32\lebobofu.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a2cb6ac.qua'!
C:\WINDOWS\system32\lujisosa.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a34b6bc.qua'!
C:\WINDOWS\system32\MPh.exe
[DETECTION] Is the TR/Spy.ZBot.tx.2 Trojan
[NOTE] The file was moved to '4a32b697.qua'!
C:\WINDOWS\system32\mschr.exe
[DETECTION] Is the TR/Agent.at.56 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\msrstart.exe
[DETECTION] Is the TR/Dldr.Elly.H Trojan
[NOTE] The file was moved to '4a3cb6c0.qua'!
C:\WINDOWS\system32\nDler.exe
[DETECTION] Is the TR/Dldr.VB.lav Trojan
[NOTE] The file was moved to '4a36b691.qua'!
C:\WINDOWS\system32\nxtepad.exe
[DETECTION] Is the TR/Dldr.Elly.H Trojan
[NOTE] The file was moved to '4a3eb6c5.qua'!
C:\WINDOWS\system32\pemivubu.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a37b6b2.qua'!
C:\WINDOWS\system32\ptch238120.exe
[DETECTION] Is the TR/Stuh.JG Trojan
[NOTE] The file was moved to '4a2db6c1.qua'!
C:\WINDOWS\system32\qspcuyeu.dll
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '4a3ab6c0.qua'!
C:\WINDOWS\system32\rijavuza.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a34b6b6.qua'!
C:\WINDOWS\system32\tpiabd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4de2568e.qua'!
C:\WINDOWS\system32\u22899326.dll
[DETECTION] Is the TR/PSW.OnlineGames.bkvv.2 Trojan
[NOTE] The file was moved to '49fcb681.qua'!
C:\WINDOWS\system32\umtcdtw.sys
[DETECTION] Is the TR/Agent2.exd Trojan
[NOTE] The file was moved to '4a3eb6bc.qua'!
C:\WINDOWS\system32\zanasawe.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a38b6b0.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\69AQ8XUI\chinappi2[1].exe
[DETECTION] Is the TR/PSW.OnlineGames.bkvv Trojan
[NOTE] The file was moved to '4a33b6b7.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\69AQ8XUI\first179[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a3cb6b8.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\69AQ8XUI\ldr[2].exe
[DETECTION] Is the TR/Agent.at.56 Trojan
[NOTE] The file was moved to '4a3cb6b3.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7400STAO\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a3ab6c3.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7400STAO\zango[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a38b6b1.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V73W95OW\bb021908[1].exe
[NOTE] The file was moved to '49fab6b2.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V73W95OW\zha[1].exe
[DETECTION] Is the TR/Agent.btpk.2 Trojan
[NOTE] The file was moved to '4a2bb6b8.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XKLQIX5P\chinappi[1].exe
[NOTE] The file was moved to '4a33b6b8.qua'!
E:\777.htm
[DETECTION] Is the TR/HTML.Starter.A Trojan
[NOTE] The file was moved to '4a01b688.qua'!
E:\vbsys2.dll
[DETECTION] Is the TR/Click.Agent.AC Trojan
[NOTE] The file was moved to '4a3db6b3.qua'!
E:\Documents and Settings\LocalService\Desktop\install.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a3db6bf.qua'!
E:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla\Firefox\Profiles\q44g1ijv.default\Cache\7C9E2C57d01
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a03b694.qua'!
E:\Documents and Settings\MC\Local Settings\Temp\arctic-loop.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a2db6c3.qua'!
E:\Documents and Settings\MC\Local Settings\Temp\nsl26F3.tmp
[NOTE] The file was moved to '4a36b6c4.qua'!
E:\Documents and Settings\MC\Local Settings\Temp\uvcwzwsj.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4a2db6c7.qua'!
E:\Documents and Settings\MC\My Documents\DL's\S2k.7.1.plus\setup.exe
[DETECTION] Is the TR/Renaz.5120202 Trojan
[NOTE] The file was moved to '4a3eb6b6.qua'!
E:\Documents and Settings\MC\My Documents\DL's\Serials 2000 7.1 Plus\Add-on\UnSEU2.exe
[DETECTION] Is the TR/Agent.92640.A Trojan
[NOTE] The file was moved to '4a1db6c0.qua'!
E:\Program Files\FruityLoops 3.4\wotnrt32.dll
[DETECTION] Is the TR/Drop.Small.aad.3 Trojan
[NOTE] The file was moved to '4a3eb6c1.qua'!
E:\System Volume Information\_restore{DB0D3154-119F-4886-A04D-4EC493703AE0}\RP302\A0054871.exe
[DETECTION] Contains recognition pattern of the DR/Virtumonde.IF dropper
[NOTE] The file was moved to '49fab682.qua'!
E:\System Volume Information\_restore{DB0D3154-119F-4886-A04D-4EC493703AE0}\RP302\A0054872.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4e1afba3.qua'!
E:\System Volume Information\_restore{DB0D3154-119F-4886-A04D-4EC493703AE0}\RP302\A0054875.exe
[DETECTION] Contains recognition pattern of the DR/Shelled.Gen dropper
[NOTE] The file was moved to '4e25f3db.qua'!
E:\WINDOWS\LOOP.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a19b6a1.qua'!
E:\WINDOWS\system32\chkdisk.exe
[DETECTION] Is the TR/Agent.aff.6 Trojan
[NOTE] The file was moved to '4a35b6ba.qua'!
F:\Program Files(Audio)\Acid Pro 4.0 keygenerator.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a33b6b5.qua'!
I:\Downloads\Daemon-Tools-Pro-Advanced-4.10.0218+patch\Patch\daemon.tools.pro.patch.exe
[DETECTION] Is the TR/Agent.620544.A Trojan
[NOTE] The file was moved to '4a2fb6b3.qua'!
I:\Downloads\Google.Earth.Pro.4.1.7087\Crack.exe
[DETECTION] Is the TR/Agent.bcz.9 Trojan
[NOTE] The file was moved to '4a2bb6c5.qua'!
I:\Music\Ice_Cube-Do_Ya_Thang-Promo_CDR-2008-ZzZz\01 - Ice Cube - Do Ya Thang (Clean).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49eab684.qua'!
I:\Music\Ice_Cube-Do_Ya_Thang-Promo_CDR-2008-ZzZz\02 - Ice Cube - Do Ya Thang (Dirty).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49eab685.qua'!
I:\Music\Ice_Cube-Do_Ya_Thang-Promo_CDR-2008-ZzZz\03 - Ice Cube - Do Ya Thang (Instrumental).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49eab687.qua'!
I:\Music\Kanye West Fast_Forward 2008\06-kanye_west-lollipop_(feat_lil_wayne)-cr.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49f7b68e.qua'!


End of the scan: Wednesday, March 25, 2009 15:55
Used time: 1:52:25 Hour(s)

The scan has been done completely.

30115 Scanned directories
745985 Files were scanned
127 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
119 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
745855 Files not concerned
6614 Archives were scanned
13 Warnings
122 Notes

Attached Files
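Added here as a worked example, not code from the thread or from Avira: a small Python triage helper that reads the report format pasted above (a file path line followed by `[DETECTION]`, `[WARNING]` and `[NOTE]` lines) and pulls out what a helper checks first: counts per signature family, rootkit hits, copies sitting in restore points, and files the scanner could not quarantine. The sample records are constructed from entries in the report above; a record's outcome is judged by its final note, so a file that failed once but was then moved by the ARK library is not flagged as unresolved.

```python
"""Triage an Avira-style scan report like the one pasted above.

Added example for this thread, not Avira's or the thread's own code.
A record's outcome is decided by its final NOTE, not by whether a
WARNING appeared (tpiabd.dll below failed once but was still moved).
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: five records copied in shape from the report above.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\senekaforyguum.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.hcq root kit
[NOTE] The file was moved to '4a38b68f.qua'!
C:\WINDOWS\iloludosayeroxeh.dll
[DETECTION] Is the TR/Dldr.Agent.boak Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\tpiabd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4de2568e.qua'!
C:\System Volume Information\_restore{2C3A0226-114B-4DC3-AA89-E70FC006050E}\RP770\A0088415.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.67584 root kit
[NOTE] The file was moved to '49fab65c.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\V73W95OW\bb021908[1].exe
[NOTE] The file was moved to '49fab6b2.qua'!
"""

DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+) (.+)$"
)
QUARANTINE_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!$")
RESTORE_DIR = "\\System Volume Information\\"


@dataclass
class Record:
    path: str
    detection: Optional[str] = None   # signature name, e.g. "TR/Vundo.Gen"
    kind: Optional[str] = None        # "Trojan", "root kit", "dropper", ...
    quarantine: Optional[str] = None  # .qua name once the file is moved
    warnings: List[str] = field(default_factory=list)
    pending_reboot: bool = False      # deletion deferred to the next boot


def parse_report(text: str) -> List[Record]:
    """Group the flat report into one Record per file path."""
    records: List[Record] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if not line.startswith("["):
            records.append(Record(path=line))
            continue
        cur = records[-1]  # status lines always follow a path line
        m = DETECTION_RE.match(line)
        if m:
            cur.detection, cur.kind = m.group(1), m.group(2)
        elif line.startswith("[WARNING] "):
            cur.warnings.append(line[len("[WARNING] "):])
        elif line.startswith("[NOTE] "):
            q = QUARANTINE_RE.match(line)
            if q:
                cur.quarantine = q.group(1)
            elif "scheduled for deleting after reboot" in line:
                cur.pending_reboot = True
    return records


def triage(records: List[Record]) -> Dict[str, object]:
    """Summarise what a helper would look at first."""
    by_family: Counter = Counter()
    for r in records:
        if r.detection:
            # "TR/Vundo.Gen" -> "TR/Vundo"; "RKIT/Agent.hcq" -> "RKIT/Agent"
            by_family[r.detection.split(".")[0]] += 1
    return {
        "by_family": dict(by_family),
        "quarantined": sum(1 for r in records if r.quarantine),
        # Still on disk after the scan: these need a follow-up after reboot.
        "unresolved": [r.path for r in records if r.quarantine is None],
        "pending_reboot": [r.path for r in records if r.pending_reboot],
        "rootkits": [r.path for r in records if r.kind == "root kit"],
        # Copies in restore points: a System Restore would bring them back.
        "restore_points": [r.path for r in records if RESTORE_DIR in r.path],
        "unlabelled": [r.path for r in records if r.detection is None],
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```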



#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:30 PM

Posted 27 March 2009 - 01:43 PM

Hello ASR-10,

Well, it's looking better now, but I definitely would advise you to change all passwords when we're done!

Please go to http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Copy the next line and paste it in the Upload window: c:\windows\system32\winlogon.exe
Then click on 'Send File'.
Post the results into your next reply.

Do you have a Windows XP installation CD handy?
We may need to replace an important system file.

What problems do you still have?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#7 ASR-10

ASR-10
  • Topic Starter

  • Members
  • 4 posts
  • Local time:03:30 AM

Posted 28 March 2009 - 02:09 AM

I'm not having any problems anymore, really. Thank you for that. Yes, I do have a Windows XP CD.

Here's the report from VirusTotal:



File winlogon.exe received on 06.10.2008 23:30:11 (CET)
Current status: finished
Result: 0/32 (0.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.11.0 2008.06.10 -
AntiVir 7.8.0.55 2008.06.10 -
Authentium 5.1.0.4 2008.06.10 -
Avast 4.8.1195.0 2008.06.10 -
AVG 7.5.0.516 2008.06.10 -
BitDefender 7.2 2008.06.10 -
CAT-QuickHeal 9.50 2008.06.10 -
ClamAV 0.92.1 2008.06.10 -
DrWeb 4.44.0.09170 2008.06.10 -
eSafe 7.0.15.0 2008.06.10 -
eTrust-Vet 31.6.5862 2008.06.10 -
Ewido 4.0 2008.06.10 -
F-Prot 4.4.4.56 2008.06.10 -
F-Secure 6.70.13260.0 2008.06.10 -
Fortinet 3.14.0.0 2008.06.10 -
GData 2.0.7306.1023 2008.06.10 -
Ikarus T3.1.1.26.0 2008.06.10 -
Kaspersky 7.0.0.125 2008.06.10 -
McAfee 5314 2008.06.10 -
Microsoft 1.3604 2008.06.10 -
NOD32v2 3174 2008.06.10 -
Norman 5.80.02 2008.06.10 -
Panda 9.0.0.4 2008.06.10 -
Prevx1 V2 2008.06.10 -
Rising 20.48.12.00 2008.06.10 -
Sophos 4.30.0 2008.06.10 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.10 -
TheHacker 6.2.92.341 2008.06.10 -
VBA32 3.12.6.7 2008.06.10 -
VirusBuster 4.3.26:9 2008.06.10 -
Webwasher-Gateway 6.6.2 2008.06.10 -
Additional information
File size: 502272 bytes
MD5...: 6e8ca4fcb30282f216f5db9dd58a5f81
SHA1..: bd2f21f30c7d66db88248bec5375b339b7efa987
SHA256: 5d715363db7f94c46d619cd72c547f8f8b67397d3df9bfcbadc440e6960668de
SHA512: ff857fee486b0c7e6aa962838949ccacda0fa341cd499c3152ff49efef05270b60ff238a4682d421f9e9f5be25529d0c2484b494944bc8ce44fca2f54e5a2228
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x103d353
timedatestamp.....: 0x41107edc (Wed Aug 04 06:14:52 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6f288 0x6f400 6.82 d221db22a9ac855a59358c515e207c45
.data 0x71000 0x4d90 0x2000 6.21 662eceb591c7df2d6e365ae6b9b2da15
.rsrc 0x76000 0x9030 0x9200 3.62 b93cbbc049130e1bad3ea13d7512c074

( 20 imports )

( 0 exports )



