Nasty Vundo trojan or variant


8 replies to this topic

#1 Sharp070

Posted 28 March 2009 - 02:56 PM

I've been infected with what seems like the Vundo trojan for a few weeks now. I've tried everything I can to remove it: ComboFix, Malwarebytes, Spybot S&D, VundoFix, VirtumundoBeGone, and many of these programs detect it and will remove it, but on bootup it begins anew. I'm running XP 64, which means I can't use Spyware Doctor, which is said to remove Vundo completely.

I'm ready to pull my hair out over this, as it's become more than an annoyance. I have attached an HJT log, as DDS will not work for some unknown reason (it says E:windows/system32/find.exe is not recognized as an internal or external command, program or batch file). I am hoping someone here can help me remove this vile trojan. Any help is appreciated.


#2 KoanYorel

Posted 06 April 2009 - 11:05 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Since you cannot get DDS to run, please include a new HJT log.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K

Edited by KoanYorel, 06 April 2009 - 11:07 AM.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Sharp070 (Topic Starter)

Posted 08 April 2009 - 04:29 PM

Hello, and thanks for the reply. The new HJT log is attached. As I said in the first post, I've tried every possible malware removal program I can to get rid of this, most of which detect and remove Vundo, but it reappears on startup.

As far as the problems I've noticed:

-New internet windows pop up with various sites, many of which are for their so-called virus removal programs.
-PC performance has decreased
-Unable to use certain sites at times (Hotmail)
-On PC startup it says certain DLLs cannot be found (usually with very odd names)
-Windows auto update won't work
-Taskbar will occasionally become inactive... I can open the taskbar to show Programs, Settings, Control Panel, and Search, but hovering the mouse over them or clicking on an option will not open the secondary window... prevents me from selecting Shutdown as well (although Task Manager shutdown still works)
-I've also noticed on occasion that explorer.exe will stop responding (hasn't happened often, however)

Certainly a lot of symptoms, here's hoping Vundo is the least of my worries. :thumbup2:
Thanks in advance for any help, it's greatly appreciated.

Attached Files

  • HJT2.log (9.66KB, 13 downloads)


#4 Blade81 (Malware Response Team)

Posted 09 April 2009 - 05:15 AM

Hi there,


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post the contents of that file in your next reply.

Please download OTViewIt by OldTimer and save it to your Desktop.
  • Close all applications and windows.
  • Double-click on OTViewIt.exe to start OTViewIt.
  • Place a checkmark in the blue-colored Scan All Users checkbox.
  • Click the blue Run Scan button.
  • OTViewIt will now start its scan.
  • When the scan is complete, two text files will be created on the Desktop: OTViewIt.Txt (this one will be opened in Notepad) and Extras.txt.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and Extras.txt to your post.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Sharp070 (Topic Starter)

Posted 09 April 2009 - 02:07 PM

Here are the contents of the MBAM log:

______________________________________________

Malwarebytes' Anti-Malware 1.31
Database version: 1479
Windows 5.2.3790 Service Pack 2

4/9/2009 2:42:32 PM
mbam-log-2009-04-09 (14-42-32).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 267927
Time elapsed: 1 hour(s), 8 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
e:\WINDOWS\system32\govuyoni.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e09567b0-003b-4f0c-804e-6a17b85684ad} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e09567b0-003b-4f0c-804e-6a17b85684ad} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gurafotitu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm0cbb06d6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: e:\windows\system32\govuyoni.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\govuyoni.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
e:\WINDOWS\system32\govuyoni.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\SysWOW64\pozarigo.dll (Trojan.BHO.H) -> Delete on reboot.
e:\WINDOWS\SysWOW64\govuyoni.dll (Trojan.BHO) -> Delete on reboot.


And here are the two OTViewIt logs:

______________________________________________

OTViewIt logfile created on: 4/9/2009 2:44:56 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = E:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.79% Memory free
3.87 Gb Paging File | 3.37 Gb Available in Paging File | 87.09% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092;E:\pagefile.sys 2 2;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 9.75 Gb Total Space | 2.81 Gb Free Space | 28.83% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 18.26 Gb Total Space | 1.29 Gb Free Space | 7.05% Space Free | Partition Type: FAT32
Drive F: | 95.22 Gb Total Space | 46.67 Gb Free Space | 49.02% Space Free | Partition Type: FAT32
Drive G: | 94.51 Gb Total Space | 4.42 Gb Free Space | 4.68% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY1337COMP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashServ.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files (x86)\Bonjour\mDNSResponder.exe
[2009/02/03 17:32:14 | 18,085,888 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\RTHDCPL.EXE
[2009/03/09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\Java\jre6\bin\jqs.exe
[2005/03/24 14:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\SysWOW64\ctfmon.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/09/10 10:00:38 | 00,454,656 | ---- | M] () -- F:\Program Files (x86)\MMTaskbar\MultiMon.exe
[2009/03/09 05:19:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\Java\jre6\bin\jusched.exe
[2009/02/05 16:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[2008/01/10 11:46:30 | 00,066,872 | ---- | M] () -- E:\WINDOWS\SysWOW64\PnkBstrA.exe
[2009/01/17 16:20:08 | 00,107,832 | ---- | M] () -- E:\WINDOWS\SysWOW64\PnkBstrB.exe
[2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2005/03/24 14:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\rundll32.exe
[2009/04/09 12:14:30 | 00,422,912 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/23 22:33:00 | 00,045,576 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/02/05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009/02/05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2009/02/05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/23 22:33:04 | 00,093,696 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (dmadmin [On_Demand | Stopped])
File not found -- -- (Eventlog [Auto | Running])
[2008/12/22 14:24:24 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- E:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/12/22 14:24:40 | 01,038,088 | ---- | M] (Acresso Software Inc.) -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64 [On_Demand | Stopped])
[2007/10/09 15:06:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Running])
[2007/02/17 19:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- E:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/10 22:08:40 | 00,921,600 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2009/03/09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/01/24 22:55:38 | 00,069,632 | ---- | M] (Macromedia) -- E:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/02/17 19:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2007/10/11 09:50:58 | 00,122,880 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (NtLmSsp [On_Demand | Stopped])
File not found -- -- (NVSvc [Auto | Running])
[2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
[2008/01/10 11:46:30 | 00,066,872 | ---- | M] () -- E:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2009/01/17 16:20:08 | 00,107,832 | ---- | M] () -- E:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (RichVideo [Disabled | Stopped])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (TabletServicePen [Auto | Running])
File not found -- -- (TlntSvr [Disabled | Stopped])
[2005/03/24 14:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
File not found -- -- (vds [On_Demand | Stopped])
File not found -- -- (WmiApSrv [On_Demand | Stopped])

========== Driver Services ==========

File not found -- -- (Aavmker4 [System | Running])
File not found -- -- (ACPI [Boot | Running])
[2007/12/21 10:46:22 | 00,000,000 | ---D | M] -- E:\WINDOWS\ADFS -- (adfs [Auto | Running])
File not found -- -- (AFD [System | Running])
File not found -- -- (ahci8086 [Boot | Running])
File not found -- -- (AmdK8 [System | Running])
File not found -- -- (AmdLLD64 [On_Demand | Running])
File not found -- -- (Arp1394 [On_Demand | Running])
[2006/10/18 13:12:46 | 00,013,632 | R--- | M] () -- E:\WINDOWS\SysWow64\drivers\AsIO.sys -- (AsIO [System | Running])
File not found -- -- (aswMon2 [Auto | Running])
File not found -- -- (aswRdr [On_Demand | Running])
File not found -- -- (aswSP [System | Running])
File not found -- -- (aswTdi [System | Running])
File not found -- -- (atapi [Boot | Running])
File not found -- -- (atksgt [Auto | Running])
File not found -- -- (audstub [On_Demand | Running])
File not found -- -- (Beep [System | Running])
File not found -- -- (CdaC15BA [Auto | Running])
File not found -- -- (CdaD10BA [Auto | Running])
File not found -- -- (Cdfs [Disabled | Running])
File not found -- -- (Cdrom [System | Running])
File not found -- -- (crcdisk [Boot | Running])
File not found -- -- (Disk [Boot | Running])
File not found -- -- (dmio [Boot | Running])
File not found -- -- (dmload [Boot | Running])
File not found -- -- (Fastfat [Disabled | Running])
File not found -- -- (Fdc [On_Demand | Running])
File not found -- -- (Fips [System | Running])
File not found -- -- (Flpydisk [On_Demand | Running])
File not found -- -- (Ftdisk [Boot | Running])
File not found -- -- (Gpc [On_Demand | Running])
File not found -- -- (hamachi [On_Demand | Running])
File not found -- -- (Hardlock [Auto | Running])
File not found -- -- (HDAudBus [On_Demand | Running])
File not found -- -- (HTTP [On_Demand | Running])
File not found -- -- (i8042prt [System | Running])
File not found -- -- (imapi [System | Running])
File not found -- -- (IntcAzAudAddService [On_Demand | Running])
File not found -- -- (IpNat [On_Demand | Running])
File not found -- -- (IPSec [System | Running])
File not found -- -- (isapnp [Boot | Running])
File not found -- -- (Kbdclass [System | Running])
File not found -- -- (kbdhid [System | Running])
File not found -- -- (kmixer [On_Demand | Running])
File not found -- -- (KSecDD [Boot | Running])
File not found -- -- (ksthunk [On_Demand | Running])
File not found -- -- (lirsgt [Auto | Running])
[2004/08/22 02:16:38 | 00,032,544 | ---- | M] (XB0 Group) -- E:\WINDOWS\System32\Drivers\lladrv.sys -- (lladrv [Auto | Stopped])
[2008/07/28 17:22:52 | 00,255,424 | ---- | M] (MagicISO, Inc.) -- E:\WINDOWS\system32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2005/03/24 08:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\mnmdd.dll -- (mnmdd [System | Running])
File not found -- -- (Mouclass [System | Running])
File not found -- -- (mouhid [On_Demand | Running])
File not found -- -- (MountMgr [Boot | Running])
File not found -- -- (MRxDAV [On_Demand | Running])
File not found -- -- (MRxSmb [System | Running])
File not found -- -- (Msfs [System | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (MTsensor [On_Demand | Running])
File not found -- -- (Mup [Boot | Running])
File not found -- -- (NDIS [Boot | Running])
File not found -- -- (NdisTapi [On_Demand | Running])
File not found -- -- (Ndisuio [On_Demand | Running])
File not found -- -- (NdisWan [On_Demand | Running])
File not found -- -- (NDProxy [On_Demand | Running])
File not found -- -- (NetBIOS [System | Running])
File not found -- -- (NetBT [System | Running])
File not found -- -- (NIC1394 [On_Demand | Running])
[2009/01/15 22:46:36 | 00,042,512 | ---- | M] (CACE Technologies) -- E:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
File not found -- -- (Npfs [System | Running])
File not found -- -- (Ntfs [Disabled | Running])
File not found -- -- (Null [System | Running])
File not found -- -- (nv [On_Demand | Running])
File not found -- -- (ohci1394 [Boot | Running])
[2007/12/29 12:52:46 | 00,008,704 | ---- | M] () -- E:\WINDOWS\System32\Drivers\OSCI_DRVX64.sys -- (OSCI_DRVX64 [On_Demand | Stopped])
File not found -- -- (Parport [On_Demand | Running])
File not found -- -- (PartMgr [Boot | Running])
File not found -- -- (PCI [Boot | Running])
File not found -- -- (PCIIde [Boot | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
File not found -- -- (PSched [On_Demand | Running])
File not found -- -- (Ptilink [On_Demand | Running])
File not found -- -- (PxHlpa64 [Boot | Running])
File not found -- -- (RasAcd [System | Running])
File not found -- -- (Rasl2tp [On_Demand | Running])
File not found -- -- (RasPppoe [On_Demand | Running])
File not found -- -- (Raspti [On_Demand | Running])
File not found -- -- (Rdbss [System | Running])
File not found -- -- (RDPCDD [System | Running])
File not found -- -- (rdpdr [On_Demand | Running])
File not found -- -- (redbook [System | Running])
File not found -- -- (RTLE8023x64 [On_Demand | Running])
[2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
[2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- E:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
File not found -- -- (SCDEmu [System | Running])
File not found -- -- (Secdrv [Auto | Running])
File not found -- -- (serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (snapman [Boot | Running])
File not found -- -- (sptd [Boot | Running])
File not found -- -- (Srv [On_Demand | Running])
File not found -- -- (swenum [On_Demand | Running])
File not found -- -- (sysaudio [On_Demand | Running])
File not found -- -- (Tcpip [System | Running])
File not found -- -- (TermDD [System | Running])
File not found -- -- (Update [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbohci [On_Demand | Running])
File not found -- -- (VgaSave [System | Running])
File not found -- -- (wacommousefilter [On_Demand | Running])
File not found -- -- (wacomvhid [On_Demand | Running])
File not found -- -- (WacomVKHid [On_Demand | Running])
File not found -- -- (Wanarp [On_Demand | Running])
[2005/03/24 14:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Security Risk Page"=about:SecurityRisk
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Start Page"=http://google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=E:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Start Page"=http://google.com/

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (1089 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
82.98.231.89 browser-security.microsoft.com
82.98.231.89 best-click-scanner.info
82.98.231.89 antivirus-xp-pro-2009.com
82.98.231.89 microsoft.infosecuritycenter.com
82.98.231.89 microsoft.softwaresecurityhelp.com
82.98.231.89 onlinenotifyq.net
82.98.231.89 antivirusxp-pro-2009.com
82.98.231.89 microsoft.browser-security-center.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{a0d8f569-981a-4cb9-b4ab-0224c46c0de6} (HKLM) -- E:\WINDOWS\SysWow64\qghzas.dll (Lextek International)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{e09567b0-003b-4f0c-804e-6a17b85684ad} (HKLM) -- E:\WINDOWS\SysWow64\pozarigo.dll ()
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- E:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- E:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- E:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- E:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- E:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- E:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- E:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="E:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
"amd_dc_opt"=E:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"avast!"=F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"CPM0cbb06d6"=Rundll32.exe "e:\windows\system32\govuyoni.dll",a ()
"gurafotitu"=Rundll32.exe "E:\WINDOWS\system32\majubilu.dll",s File not found
"QuickTime Task"="E:\Program Files (x86)\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SpyHunter Security Suite"="E:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter3.exe" (Enigma Software Group USA, LLC.)
"StartCCC"="E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File not found
"SunJavaUpdateSched"="E:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"="E:\Program Files (x86)\Winamp\winampa.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AdobeBridge"= File not found
"DisplayFusion"="F:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" (Binary Fortress Software)
"MsnMsgr"="E:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"StartCCC"=E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
"SUPERAntiSpyware"=E:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WindowBlinds"=E:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBInstall64.exe File not found

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AdobeBridge"= File not found
"DisplayFusion"="F:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" (Binary Fortress Software)
"MsnMsgr"="E:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"StartCCC"=E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
"SUPERAntiSpyware"=E:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WindowBlinds"=E:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBInstall64.exe File not found

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"="F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (Microsoft Corporation)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

========== (O4) Startup Folders ==========

[2008/09/10 10:00:38 | 00,454,656 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk = F:\Program Files (x86)\MMTaskbar\MultiMon.exe
[2008/07/28 17:28:12 | 00,575,488 | ---- | M] (MagicISO, Inc.) -- E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = E:\Program Files (x86)\MagicDisc\MagicDisc.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDesktopCleanupWizard"=1
"HideRunAsVerb"=1
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsMenu"=1
"NoRecentDocsHistory"=1
"ClearRecentDocsOnExit"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoSMHelp"=1
"NoFolderOptions"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsMenu"=1
"NoRecentDocsHistory"=1
"ClearRecentDocsOnExit"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoSMHelp"=1
"NoFolderOptions"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsMenu"=1
"NoRecentDocsHistory"=1
"ClearRecentDocsOnExit"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoSMHelp"=1
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsMenu"=1
"NoRecentDocsHistory"=1
"ClearRecentDocsOnExit"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoSMHelp"=1

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsMenu"=1
"NoRecentDocsHistory"=1
"ClearRecentDocsOnExit"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoSMHelp"=1

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsMenu"=1
"NoRecentDocsHistory"=1
"ClearRecentDocsOnExit"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoSMHelp"=1
"NoFolderOptions"=0

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
mininova.org\www: http in My Computer
mininova.org\www: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
mininova.org\www: http in My Computer
mininova.org\www: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab -- DLM Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1198707635468 -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}: http://gameadvisor.futuremark.com/global/msc3121.cab -- Measurement Services Client v.3.12
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{37FF7D79-4168-4D79-AF4A-686BCEA3CBED} (Servers: | Description: 1394 Net Adapter)
{838046B9-838B-4DDF-8385-1185ABFAFAD3} (Servers: | Description: )
{FEAFFDA0-424E-4F46-8140-B1670B87E07C} (Servers: | Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=qghzas.dll E:\WINDOWS\SysWow64\pozarigo.dll E:\WINDOWS\system32\lebiwega.dll e:\windows\system32\pejanuru.dll e:\windows\system32\towoyila.dll e:\windows\system32\govuyoni.dll
>[2009/03/26 15:27:02 | 00,129,536 | ---- | M] () -- E:\WINDOWS\system32\qghzas.dll
>[2009/03/26 15:26:28 | 00,058,368 | ---- | M] () -- E:\WINDOWS\SysWow64\pozarigo.dll
>[2009/03/26 15:26:28 | 00,058,368 | ---- | M] () -- E:\WINDOWS\system32\lebiwega.dll
>File not found -- e:\windows\system32\pejanuru.dll
>File not found -- e:\windows\system32\towoyila.dll
>File not found --
>[2009/04/09 10:57:38 | 00,096,768 | ---- | M] () -- e:\windows\system32\govuyoni.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/02/17 19:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\Explorer.exe

"System"=lsass.exe
>File not found --
========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = E:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- E:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
avgwlx64: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
ScCertProp: "DllName" = wlnotify.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
termsrv: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- E:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- E:\WINDOWS\syswow64\SHELL32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- e:\windows\SysWow64\govuyoni.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- E:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- E:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- E:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- e:\windows\SysWow64\govuyoni.dll (Adobe Systems Incorporated)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- E:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9449BBA0-5EA5-4B6B-BA8D-48EB1F98A408}" (HKLM) -- E:\WINDOWS\SysWow64\efcBqrqn.dll File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,E:\\WINDOWS\\system32\\geBqPGYr,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2003/08/31 00:35:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfd360e4-f57b-11dd-9740-001bfc1f8bbd}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfd360e4-f57b-11dd-9740-001bfc1f8bbd}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfd360e4-f57b-11dd-9740-001bfc1f8bbd}\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 90 Days ==========

[4 E:\WINDOWS\System32\*.tmp files]
[4 E:\WINDOWS\*.tmp files]
[2009/04/09 12:14:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/04/09 10:57:39 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\tegiseme.exe
[2009/04/08 22:57:25 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\welimala.exe
[2009/04/08 19:29:24 | 00,054,156 | -H-- | C] () -- E:\WINDOWS\QTFont.qfn
[2009/04/08 19:29:24 | 00,001,409 | ---- | C] () -- E:\WINDOWS\QTFont.for
[2009/04/08 17:04:37 | 00,000,517 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2009/04/08 17:02:36 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Desktop\backup
[2009/04/08 10:57:47 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\darunuwe.exe
[2009/04/05 01:07:01 | 00,000,700 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/05 01:06:29 | 01,256,296 | ---- | C] (ALWIL Software) -- E:\WINDOWS\System32\aswBoot.exe
[2009/04/05 01:06:29 | 00,380,928 | ---- | C] () -- E:\WINDOWS\System32\actskin4.ocx
[2009/04/01 17:32:16 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/04/01 17:29:51 | 00,000,737 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/01 17:29:48 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\SUPERAntiSpyware
[2009/04/01 17:29:45 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/04/01 17:21:48 | 00,000,856 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009/04/01 17:21:40 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\Enigma Software Group
[2009/03/28 17:19:22 | 00,402,537 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\volcano.jpg
[2009/03/28 15:52:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- E:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 14:38:01 | 00,360,002 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/03/26 15:27:01 | 00,129,536 | ---- | C] () -- E:\WINDOWS\System32\qghzas.dll
[2009/03/26 15:26:17 | 00,058,368 | ---- | C] () -- E:\WINDOWS\System32\lebiwega.dll
[2009/03/25 16:57:37 | 00,001,517 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/03/25 16:57:34 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\CCleaner
[2009/03/25 16:16:24 | 00,000,694 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2009/03/15 17:34:26 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Desktop\Skybox
[2009/03/14 15:00:31 | 00,006,144 | -HS- | C] () -- E:\WINDOWS\System32\nugogaza.dll
[2009/03/09 21:50:19 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Desktop\leaves
[2009/03/08 22:01:47 | 00,000,731 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\World of Goo.lnk
[2009/03/04 01:44:42 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\My Documents\Penumbra Overture
[2009/03/03 22:27:42 | 00,409,600 | ---- | C] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2009/03/03 22:27:42 | 00,114,688 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2009/03/01 21:12:51 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- E:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/02/21 20:56:56 | 00,000,637 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\World In Conflict.lnk
[2009/02/21 20:33:08 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Local Settings\Application Data\World in Conflict
[2009/02/21 19:30:19 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\My Documents\World in Conflict
[2009/02/21 19:29:36 | 00,011,168 | -H-- | C] () -- E:\WINDOWS\System32\nudurelo
[2009/02/19 21:29:25 | 00,000,597 | ---- | C] () -- E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/02/19 21:29:25 | 00,000,585 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\MagicDisc.lnk
[2009/02/19 21:29:16 | 00,255,424 | ---- | C] (MagicISO, Inc.) -- E:\WINDOWS\System32\drivers\mcdbus.sys
[2009/02/19 21:29:15 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\MagicDisc
[2009/02/19 18:55:15 | 00,001,431 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\MagicISO.lnk
[2009/02/19 18:55:14 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\MagicISO
[2009/02/19 18:34:00 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Documents\microsoft
[2009/02/19 18:26:43 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/02/17 01:54:19 | 00,000,549 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Duke Nukem - Manhattan Project.lnk
[2009/02/16 20:22:49 | 00,315,392 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/02/16 20:22:49 | 00,307,200 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/02/16 20:22:48 | 01,703,936 | ---- | C] (NCT Company) -- E:\WINDOWS\System32\NCTAudioFile.dll
[2009/02/16 20:22:48 | 00,892,928 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTAudioInformation.dll
[2009/02/16 20:22:48 | 00,647,168 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTAudioLibrary.dll
[2009/02/16 20:22:48 | 00,335,872 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/02/16 20:22:47 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- E:\WINDOWS\System32\Flash8.ocx
[2009/02/16 20:22:46 | 00,647,872 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\MSCOMCT2.OCX
[2009/02/16 20:22:46 | 00,140,288 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\comdlg32.ocx
[2009/02/16 20:22:46 | 00,101,888 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\VB6STKIT.DLL
[2009/02/15 15:24:29 | 00,000,665 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\F.E.A.R. 2.lnk
[2009/02/15 14:56:52 | 00,000,517 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Shortcut to PowerISO.exe.lnk
[2009/02/13 14:41:17 | 00,002,048 | -HS- | C] () -- E:\WINDOWS\System32\gibokiho.dll
[2009/02/13 14:41:17 | 00,002,048 | -HS- | C] () -- E:\WINDOWS\System32\dupefomu.dll
[2009/02/13 02:07:25 | 00,381,952 | ---- | C] (Realtek Semiconductor Crop.) -- E:\WINDOWS\vncutil64.exe
[2009/02/13 02:07:25 | 00,134,656 | ---- | C] (Realtek Semiconductor) -- E:\WINDOWS\RtkAudioService64.exe
[2009/02/12 21:47:45 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\My Documents\WBGames
[2009/02/12 20:52:08 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\U3
[2009/02/11 21:40:06 | 00,000,795 | -HS- | C] () -- E:\Documents and Settings\All Users\Documents\zmtl02.rtf
[2009/02/11 21:40:03 | 00,000,004 | ---- | C] () -- E:\WINDOWS\System32\ulfconfig0103.ulf
[2009/02/11 21:36:21 | 00,001,611 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\ZBrush3.exe.lnk
[2009/02/11 21:35:20 | 00,000,000 | ---D | C] -- E:\WINDOWS\Downloaded Installations
[2009/02/09 01:53:00 | 00,000,757 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Shortcut to Retail-Stranglehold.exe.lnk
[2009/02/09 00:10:07 | 00,000,769 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Vampire The Masquerade - Bloodlines.lnk
[2009/02/08 22:41:17 | 00,000,298 | ---- | C] () -- E:\WINDOWS\vtmb.ini
[2009/02/08 21:25:47 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\My Documents\Stranglehold
[2009/02/08 21:25:47 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Local Settings\Application Data\Midway
[2009/02/06 01:44:04 | 00,034,739 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\SmokePART.COPY
[2009/02/05 23:48:20 | 00,275,417 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Untitled-3.jpg
[2009/02/05 18:56:24 | 00,009,555 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\head2.jpg
[2009/02/05 18:56:06 | 00,009,791 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\head1.jpg
[2009/02/04 20:49:03 | 00,008,770 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\bookshelf.jpg
[2009/02/03 12:35:19 | 00,013,312 | -HS- | C] () -- E:\WINDOWS\System32\nugamulo.dll
[2009/02/02 16:57:19 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\My Documents\CyberLink
[2009/02/02 01:32:42 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\mohofahe.exe
[2009/02/01 07:30:53 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\tulubabe.exe
[2009/01/31 13:29:14 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\riduwize.exe
[2009/01/30 19:27:28 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\hovofizo.exe
[2009/01/30 01:25:52 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\roligudo.exe
[2009/01/29 19:56:19 | 00,046,050 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\zombie gary glow.jpg
[2009/01/29 07:24:18 | 00,002,713 | -HS- | C] () -- E:\WINDOWS\System32\visegobu.exe
[2009/01/29 02:26:04 | 00,000,857 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/01/28 15:21:02 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Local Settings\Application Data\Painkiller Overdose
[2009/01/28 02:54:05 | 00,000,000 | ---D | C] -- E:\VundoFix Backups
[2009/01/26 19:18:38 | 01,099,334 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Mountainside.jpg
[2009/01/26 18:18:36 | 00,002,048 | -HS- | C] () -- E:\WINDOWS\System32\litiyuvu.dll
[2009/01/23 23:04:21 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\AviSynth 2.5
[2009/01/23 19:43:45 | 00,000,022 | -HS- | C] () -- E:\Documents and Settings\All Users\Desktop\Desktop.ini
[2009/01/23 19:07:41 | 00,000,000 | ---D | C] -- E:\WINDOWS\System32\PlayLinc
[2009/01/23 19:07:41 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\PlayLinc
[2009/01/22 20:54:52 | 00,008,415 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\MeinHead2.jpg
[2009/01/19 17:39:22 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\My Documents\Activision
[2009/01/19 17:37:11 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Activision
[2009/01/19 17:37:11 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\Activision
[2009/01/19 17:00:29 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\Crayon Physics Deluxe
[2009/01/19 17:00:17 | 00,000,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Play Crayon Physics Deluxe.lnk
[2009/01/17 16:18:34 | 02,337,865 | ---- | C] () -- E:\WINDOWS\System32\pbsvc.exe
[2009/01/16 20:32:11 | 00,000,745 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Rainbow Six Vegas 2.lnk
[2009/01/15 22:46:34 | 00,240,240 | ---- | C] (CACE Technologies) -- E:\WINDOWS\System32\wpcap.dll
[2009/01/15 22:46:34 | 00,088,704 | ---- | C] (CACE Technologies) -- E:\WINDOWS\System32\packet.dll
[2009/01/15 22:46:34 | 00,042,512 | ---- | C] (CACE Technologies) -- E:\WINDOWS\System32\drivers\npf.sys
[2009/01/15 22:34:45 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/01/15 22:19:20 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\My Documents\EA Games
[2009/01/15 18:11:34 | 00,001,398 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Autodesk Maya 2008 (64-bit).lnk
[2009/01/14 21:44:27 | 00,089,600 | ---- | C] () -- E:\Documents and Settings\Administrator\My Documents\Role Play and Reporting.doc
[2009/01/14 21:12:38 | 00,000,000 | ---D | C] -- E:\Program Files (x86)\Microsoft ActiveSync
[2009/01/12 17:08:55 | 00,000,611 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\Winamp.lnk
[2009/01/12 03:44:10 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\Winamp
[2009/01/11 19:14:33 | 00,000,000 | -HSD | C] -- E:\Config.Msi
[2009/01/11 03:06:27 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Administrator\Application Data\Binary Fortress Software
[2009/01/11 03:03:23 | 00,000,557 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\DisplayFusion.lnk
[2009/01/11 03:02:51 | 00,000,456 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk
[2009/01/11 03:02:51 | 00,000,456 | ---- | C] () -- E:\Documents and Settings\Administrator\Desktop\MultiMon Taskbar.lnk
[2009/01/10 02:54:16 | 00,327,680 | ---- | C] () -- E:\Documents and Settings\Administrator\My Documents\Happy Birthday Father.doc

========== Files - Modified Within 90 Days ==========

[4 E:\WINDOWS\System32\*.tmp files]
[4 E:\WINDOWS\*.tmp files]
[2009/04/09 14:44:44 | 00,011,168 | -H-- | M] () -- E:\WINDOWS\System32\nudurelo
[2009/04/09 12:14:30 | 00,422,912 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/04/09 10:57:40 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\tegiseme.exe
[2009/04/09 10:57:38 | 00,096,768 | ---- | M] () -- E:\WINDOWS\System32\govuyoni.dll
[2009/04/09 10:57:38 | 00,089,600 | -HS- | M] () -- E:\WINDOWS\System32\dukareyo.dll
[2009/04/09 03:40:46 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/04/08 22:57:26 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\welimala.exe
[2009/04/08 22:57:24 | 00,091,648 | -HS- | M] (Lextek International) -- E:\WINDOWS\System32\jutogaje.dll
[2009/04/08 19:29:26 | 00,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2009/04/08 19:29:26 | 00,001,409 | ---- | M] () -- E:\WINDOWS\QTFont.for
[2009/04/08 17:04:38 | 00,000,517 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2009/04/08 12:50:46 | 00,001,753 | ---- | M] () -- E:\WINDOWS\WININIT.INI
[2009/04/08 10:57:48 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\darunuwe.exe
[2009/04/08 10:57:30 | 00,090,624 | -HS- | M] (Lextek International) -- E:\WINDOWS\System32\jimaneno.dll
[2009/04/05 16:30:06 | 00,091,648 | -HS- | M] (Lextek International) -- E:\WINDOWS\System32\jayipesa.dll
[2009/04/05 04:29:54 | 00,090,112 | -HS- | M] (Simple Software Solutions, Inc.) -- E:\WINDOWS\System32\pulasiya.dll
[2009/04/05 01:07:02 | 00,000,700 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/04/05 01:06:52 | 00,000,051 | ---- | M] () -- E:\WINDOWS\System32\config.nt
[2009/04/03 13:24:54 | 00,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2009/04/01 17:29:52 | 00,000,737 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/04/01 17:21:50 | 00,000,856 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2009/03/28 17:19:28 | 00,402,537 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\volcano.jpg
[2009/03/28 15:52:18 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- E:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/03/28 15:41:38 | 00,360,002 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/03/26 15:27:02 | 00,129,536 | ---- | M] () -- E:\WINDOWS\System32\qghzas.dll
[2009/03/26 15:26:28 | 00,058,368 | ---- | M] () -- E:\WINDOWS\System32\lebiwega.dll
[2009/03/25 16:57:38 | 00,001,517 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/03/25 16:16:26 | 00,000,694 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2009/03/21 20:44:08 | 00,000,572 | ---- | M] () -- E:\Documents and Settings\Administrator\My Documents\spider.sav
[2009/03/20 00:51:56 | 00,001,755 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/03/14 21:03:58 | 00,004,100 | -H-- | M] () -- E:\WINDOWS\System32\bigelibe
[2009/03/14 15:49:16 | 00,006,144 | -HS- | M] () -- E:\WINDOWS\System32\nugogaza.dll
[2009/03/12 03:01:18 | 00,001,390 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2009/03/08 22:01:48 | 00,000,731 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\World of Goo.lnk
[2009/03/03 22:27:44 | 00,409,600 | ---- | M] (Creative Labs) -- E:\WINDOWS\System32\wrap_oal.dll
[2009/03/03 22:27:44 | 00,114,688 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- E:\WINDOWS\System32\OpenAL32.dll
[2009/03/01 21:13:26 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- E:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/02/21 20:56:58 | 00,000,637 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\World In Conflict.lnk
[2009/02/19 21:29:26 | 00,000,597 | ---- | M] () -- E:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2009/02/19 21:29:26 | 00,000,585 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MagicDisc.lnk
[2009/02/19 18:55:16 | 00,001,431 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MagicISO.lnk
[2009/02/17 01:54:20 | 00,000,549 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Duke Nukem - Manhattan Project.lnk
[2009/02/15 15:24:30 | 00,000,665 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\F.E.A.R. 2.lnk
[2009/02/15 14:56:54 | 00,000,517 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Shortcut to PowerISO.exe.lnk
[2009/02/13 14:41:18 | 00,002,048 | -HS- | M] () -- E:\WINDOWS\System32\gibokiho.dll
[2009/02/13 14:41:18 | 00,002,048 | -HS- | M] () -- E:\WINDOWS\System32\dupefomu.dll
[2009/02/11 21:40:04 | 00,000,004 | ---- | M] () -- E:\WINDOWS\System32\ulfconfig0103.ulf
[2009/02/11 21:36:22 | 00,001,611 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\ZBrush3.exe.lnk
[2009/02/09 01:53:02 | 00,000,757 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Shortcut to Retail-Stranglehold.exe.lnk
[2009/02/09 00:10:08 | 00,000,769 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Vampire The Masquerade - Bloodlines.lnk
[2009/02/08 22:41:18 | 00,000,298 | ---- | M] () -- E:\WINDOWS\vtmb.ini
[2009/02/08 20:54:46 | 00,000,022 | -HS- | M] () -- E:\Documents and Settings\All Users\Desktop\Desktop.ini
[2009/02/06 01:44:06 | 00,034,739 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\SmokePART.COPY
[2009/02/05 23:48:22 | 00,275,417 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Untitled-3.jpg
[2009/02/05 18:56:26 | 00,009,555 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\head2.jpg
[2009/02/05 18:56:08 | 00,009,791 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\head1.jpg
[2009/02/05 16:11:36 | 01,256,296 | ---- | M] (ALWIL Software) -- E:\WINDOWS\System32\aswBoot.exe
[2009/02/04 20:49:06 | 00,008,770 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\bookshelf.jpg
[2009/02/04 11:11:32 | 00,013,312 | -HS- | M] () -- E:\WINDOWS\System32\nugamulo.dll
[2009/02/02 02:09:56 | 00,000,581 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Steam.lnk
[2009/02/02 01:32:44 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\mohofahe.exe
[2009/02/01 07:30:54 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\tulubabe.exe
[2009/01/31 13:29:16 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\riduwize.exe
[2009/01/30 19:27:30 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\hovofizo.exe
[2009/01/30 01:25:54 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\roligudo.exe
[2009/01/29 19:56:22 | 00,046,050 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\zombie gary glow.jpg
[2009/01/29 07:24:20 | 00,002,713 | -HS- | M] () -- E:\WINDOWS\System32\visegobu.exe
[2009/01/29 02:26:06 | 00,000,857 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/01/28 02:45:38 | 00,096,978 | ---- | M] (Business Information Solutions) -- E:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
[2009/01/27 20:04:24 | 00,002,048 | -HS- | M] () -- E:\WINDOWS\System32\litiyuvu.dll
[2009/01/26 19:18:42 | 01,099,334 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Mountainside.jpg
[2009/01/23 21:08:52 | 00,001,589 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\UVLayout v2 Pro.lnk
[2009/01/23 21:08:52 | 00,001,097 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\My Music.lnk
[2009/01/22 20:54:54 | 00,008,415 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MeinHead2.jpg
[2009/01/19 17:00:18 | 00,000,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Play Crayon Physics Deluxe.lnk
[2009/01/17 16:20:08 | 00,107,832 | ---- | M] () -- E:\WINDOWS\System32\PnkBstrB.exe
[2009/01/17 16:18:36 | 02,337,865 | ---- | M] () -- E:\WINDOWS\System32\pbsvc.exe
[2009/01/16 20:32:12 | 00,000,745 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Rainbow Six Vegas 2.lnk
[2009/01/15 22:46:36 | 00,240,240 | ---- | M] (CACE Technologies) -- E:\WINDOWS\System32\wpcap.dll
[2009/01/15 22:46:36 | 00,088,704 | ---- | M] (CACE Technologies) -- E:\WINDOWS\System32\packet.dll
[2009/01/15 22:46:36 | 00,042,512 | ---- | M] (CACE Technologies) -- E:\WINDOWS\System32\drivers\npf.sys
[2009/01/15 18:11:36 | 00,001,398 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Autodesk Maya 2008 (64-bit).lnk
[2009/01/14 21:44:28 | 00,089,600 | ---- | M] () -- E:\Documents and Settings\Administrator\My Documents\Role Play and Reporting.doc
[2009/01/12 17:08:56 | 00,000,611 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\Winamp.lnk
[2009/01/12 01:43:22 | 00,036,688 | ---- | M] () -- E:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/11 03:14:34 | 00,000,456 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk
[2009/01/11 03:14:34 | 00,000,456 | ---- | M] () -- E:\Documents and Settings\Administrator\Desktop\MultiMon Taskbar.lnk
[2009/01/11 03:03:24 | 00,000,557 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\DisplayFusion.lnk
[2009/01/10 02:54:18 | 00,327,680 | ---- | M] () -- E:\Documents and Settings\Administrator\My Documents\Happy Birthday Father.doc
< End of report >

And the Extras one as requested

OTViewIt Extras logfile created on: 4/9/2009 2:44:56 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = E:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.79% Memory free
3.87 Gb Paging File | 3.37 Gb Available in Paging File | 87.09% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092;E:\pagefile.sys 2 2;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 9.75 Gb Total Space | 2.81 Gb Free Space | 28.83% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 18.26 Gb Total Space | 1.29 Gb Free Space | 7.05% Space Free | Partition Type: FAT32
Drive F: | 95.22 Gb Total Space | 46.67 Gb Free Space | 49.02% Space Free | Partition Type: FAT32
Drive G: | 94.51 Gb Total Space | 4.42 Gb Free Space | 4.68% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY1337COMP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"UpdatesDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- G:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
File not found -- G:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
File not found -- E:\DRIVEF\PROGRAM FILES\DC++\DCPLUSPLUS.EXE:*:ENABLED:DC++
File not found -- E:\DRIVEF\PROGRAM FILES\AZUREUS\AZUREUS.EXE:*:ENABLED:AZUREUS
File not found -- F:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2008/04/05 23:44:06 | 00,254,976 | ---- | M] (Azureus Inc) -- E:\Program Files (x86)\Azureus\Azureus.exe:*:Enabled:Azureus
File not found -- G:\Program Files\Steam\SteamApps\sharpshooter070@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2
[2007/04/03 19:32:06 | 00,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser
[2007/02/17 19:05:26 | 00,083,968 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2005/03/24 14:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App
File not found -- G:\Program Files\Steam\SteamApps\sharpshooter070@hotmail.com\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2
File not found -- G:\Program Files (x86)\Sierra\FEAR\FPUpdate.exe:*:Enabled:FPUpdate
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger
File not found -- G:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- E:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/07/22 19:08:52 | 00,159,744 | ---- | M] (Nexon) -- E:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
File not found -- G:\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
File not found -- G:\Program Files (x86)\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2007/11/30 03:13:04 | 00,096,256 | ---- | M] () -- F:\Program Files (x86)\VideoLAN\VLC\vlc.exe:*:Enabled:vlc
[2008/10/17 05:17:24 | 00,633,632 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE:*:Enabled:IEXPLORE
[2009/02/03 17:32:14 | 18,085,888 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\RTHDCPL.EXE:*:Enabled:RTHDCPL
File not found -- E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM
[2008/10/19 13:48:06 | 01,410,296 | ---- | M] (Valve Corporation) -- G:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam
File not found -- E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe:*:Enabled:avgnt
[2008/08/14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
File not found -- E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:avcenter
[2008/10/11 03:53:42 | 05,424,392 | ---- | M] (Activision Blizzard, Inc.) -- G:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™
[2008/11/07 16:30:40 | 05,488,640 | ---- | M] (Activision Blizzard, Inc.) -- G:\Program Files (x86)\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™
File not found -- E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avnotify.exe:*:Enabled:avnotify
File not found -- E:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe:*:Enabled:realsched
[2007/02/17 19:05:48 | 00,018,432 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\SysWOW64\runonce.exe:*:Enabled:runonce
[2009/03/09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\Java\jre6\bin\jqs.exe:*:Enabled:jqs
File not found -- E:\Program Files (x86)\Crazybump\cb.exe:*:Enabled:crazybump
[2005/03/24 14:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\SysWOW64\rundll32.exe:*:Enabled:rundll32
[2008/08/13 11:16:34 | 09,879,128 | ---- | M] (CD Projekt Red) -- G:\Program Files (x86)\The Witcher\System\witcher.exe:*:Enabled:witcher
[2008/09/10 10:00:38 | 00,454,656 | ---- | M] () -- F:\Program Files (x86)\MMTaskbar\MultiMon.exe:*:Enabled:MultiMon
[2008/06/19 16:20:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\ALCMTR.EXE:*:Enabled:ALCMTR
[2008/08/19 13:26:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\SOUNDMAN.EXE:*:Enabled:SOUNDMAN
[2008/01/10 11:46:30 | 00,066,872 | ---- | M] () -- E:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA
[2009/01/17 16:20:08 | 00,107,832 | ---- | M] () -- E:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB
[2009/01/17 00:26:36 | 28,983,296 | ---- | M] () -- G:\Program Files (x86)\Steam\SteamApps\common\rainbow six vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Rainbow Six Vegas 2
[2008/12/26 16:06:48 | 09,932,800 | ---- | M] () -- G:\Program Files (x86)\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock
[2005/03/24 14:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\SysWOW64\ctfmon.exe:*:Enabled:ctfmon
[2008/08/03 18:02:20 | 00,036,352 | ---- | M] () -- E:\Program Files (x86)\Winamp\winampa.exe:*:Enabled:winampa
[2009/03/09 05:19:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\Java\jre6\bin\jusched.exe:*:Enabled:jusched
[2008/08/03 18:04:00 | 01,345,376 | ---- | M] (Nullsoft) -- E:\Program Files (x86)\Winamp\winamp.exe:*:Enabled:winamp
[2009/03/08 22:02:48 | 02,203,648 | ---- | M] () -- G:\Program Files (x86)\Steam\SteamApps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo
[2009/03/06 02:32:43 | 28,852,224 | ---- | M] () -- G:\Program Files (x86)\Steam\SteamApps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3
[2006/05/16 21:15:10 | 00,071,288 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe:*:Enabled:AcroRd32
[2008/07/28 17:28:12 | 00,575,488 | ---- | M] (MagicISO, Inc.) -- E:\Program Files (x86)\MagicDisc\MagicDisc.exe:*:Enabled:MagicDisc
[2009/03/07 01:20:28 | 00,098,304 | ---- | M] () -- G:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead
[2008/02/25 02:54:26 | 00,357,376 | ---- | M] (Autodesk) -- F:\Program Files (x86)\bin\maya.exe:*:Enabled:Maya
[2009/02/05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ
[2009/02/05 16:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashDisp.exe:*:Enabled:ashDisp

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/17 19:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 05:17:24 | 01,160,192 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/17 19:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) E:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 14:14:54 | 00,694,784 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) E:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) E:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) E:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/17 19:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) E:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) E:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) E:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 02:05:28 | 03,593,216 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/17 19:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/03/24 14:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) E:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/11/08 00:55:44 | 08,360,448 | ---- | M] (Microsoft Corporation) E:\WINDOWS\syswow64\SHELL32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) E:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}"=Adobe Color NA Recommended Settings CS4
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1"=SWF Opener
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}"=SpyHunter
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4
"{078E59A5-668C-D895-1BFF-68AB834A95F3}"=Catalyst Control Center Graphics Full New
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}"=Vampire - The Masquerade Bloodlines
"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}"=Catalyst Control Center Localization Swedish
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"=Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}"=Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}"=CCC Help Hungarian
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{155FD632-60F5-A777-538C-3194E889C1D0}"=Catalyst Control Center Localization Greek
"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"=AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}"=CCC Help Turkish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=DVD Suite
"{2158685C-E2B3-4026-B0A1-0FFE31837AFD}"=PlayLinc
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}"=Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 13
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}"=CCC Help Danish
"{28F42D42-11A2-4A29-99D7-FABC1F80AFA1}"=Unfold3D Magic Edition
"{29138741-C0FD-3812-EA30-3D4790DBF951}"=CCC Help Korean
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}"=Catalyst Control Center Graphics Full Existing
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java™ SE Runtime Environment 6
"{324B54DB-8576-73C9-7089-9373FFD85E18}"=CCC Help Chinese Traditional
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"=PDF Settings CS4
"{38797561-17CD-94D2-F422-D83D5133B427}"=CCC Help Chinese Standard
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4
"{3A6898A1-538B-562F-7339-8C5DA25B7254}"=Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}"=Catalyst Control Center Localization Chinese Standard
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}"=Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"=Adobe WinSoft Linguistics Plugin
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}"=CCC Help German
"{41D38ED0-B916-667A-FDD2-965D04D128D5}"=CCC Help Spanish
"{43BFB9E2-169C-46A9-BB81-141A37FD9750}"=Adobe Shockwave Player
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}"=Microsoft Games for Windows - LIVE
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}"=Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}"=CCC Help English
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}"=CCC Help Swedish
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}"=Adobe Color EU Extra Settings CS4
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}"=CCC Help Thai
"{587178E7-B1DF-494E-9838-FA4DD36E873C}"=ASUSUpdate
"{5B014615-5EB8-EE17-4256-A7B1640819A3}"=CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}"=Skins
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}"=ZBrush3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}"=Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}"=Adobe Photoshop CS4 Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}"=AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6D93BD2D-BA71-491A-926C-37FE1580CEE0}"=The Witcher Enhanced Edition - "Side Effects"
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}"=Catalyst Control Center Localization Czech
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}"=CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}"=Crysis WARHEAD®
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}"=CCC Help Polish
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}"=Catalyst Control Center Localization Portuguese
"{80B4EB2E-F609-F443-E114-5D935412F085}"=CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}"=CCC Help Czech
"{81B3EF66-BAC7-4C91-B856-3943C0196B4E}"=Duke Nukem - Manhattan Project - 1.0.1 Patch
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}"=CCC Help Dutch
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}"=Duke Nukem - Manhattan Project
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}"=Catalyst Control Center Localization Italian
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}"=Catalyst Control Center Localization Norwegian
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}"=Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4
"{96639158-501C-D2C4-D25A-B6A86AA4B906}"=Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}"=Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}"=Catalyst Control Center Localization Finnish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A1086DA0-903E-4DEA-A83F-6317923CC63D}"=headus UVLayout v2 Professional
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A4E913EC-8F82-14BB-F31F-0B983F540968}"=Catalyst Control Center Localization Spanish
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}"=ccc-core-static
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}"=Catalyst Control Center Localization German
"{AC76BA86-7AD7-1034-7B44-A70800000002}"=Adobe Reader 7.0.8 - Espańol
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}"=CCC Help Japanese
"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}"=Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}"=Catalyst Control Center Graphics Light
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}"=Catalyst Control Center Localization Hungarian
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}"=Vampire - The Masquerade Bloodlines
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}"=Catalyst Control Center Core Implementation
"{C9BED750-1211-4480-B1A5-718A3BE15525}"=REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}"=CCC Help Norwegian
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}"=Quantum of Solace™
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}"=CCC Help French
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}"=Catalyst Control Center Localization Dutch
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"{DB40817E-C5E6-6818-47F2-0359EAE14271}"=Catalyst Control Center Localization Japanese
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}"=CCC Help Finnish
"{E0D51394-1D45-460A-B62D-383BC4F8B335}"=QuickTime
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}"=CCC Help Russian
"{E0FF82C1-E2DE-D6D3-A264-F9FBCFFE7D24}"=Catalyst Control Center Localization Russian
"{E4848436-0345-47E2-B648-8B522FCDA623}"=Adobe Photoshop CS4
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}"=NVIDIA PhysX v8.10.17
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}"=Catalyst Control Center Localization Thai
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}"=Catalyst Control Center Localization Turkish
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}"=The Witcher
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}"=Catalyst Control Center Localization Chinese Traditional
"{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}"=The Witcher Enhanced Edition - "The Price of Neutrality"
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}"=Microsoft Games for Windows - LIVE Redistributable
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}"=Dual-Core Optimizer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"Acronis Disk Director Suite 10 build 2160"=Acronis Disk Director Suite 10 build 2160
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8"=Adobe Photoshop CS4
"avast!"=avast! Antivirus
"AviSynth"=AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1"=DisplayFusion 2.2.1
"CCleaner"=CCleaner (remove only)
"Crayon Physics Deluxe_is1"=Crayon Physics Deluxe - release 51
"Crysis WARHEAD®"=Crysis WARHEAD®
"Darwinia"=Darwinia
"DC++"=DC++ 0.707
"F.E.A.R. 2 - Project Origin_is1"=F.E.A.R. 2 - Project Origin v1.0 R-E
"GameSpotDownloadManager"=GameSpot Download Manager
"Hamachi"=Hamachi 1.0.2.5
"HijackThis"=HijackThis 2.0.2
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}"=Duke Nukem - Manhattan Project
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}"=Vampire - The Masquerade Bloodlines
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty® - World at War™
"Magic ISO Maker v5.5 (build 0261)"=Magic ISO Maker v5.5 (build 0261)
"MagicDisc 2.7.105"=MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Measurement Services Client"=Futuremark Measurement Services Client
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"MultiMon TaskBar_is1"=MultiMon TaskBar PRO 3 (Trial)
"MultiRes (remove only)"=MultiRes (remove only)
"Natural Selection_is1"=Natural Selection 3.2
"Nero 7_is1"=Nero 7.5.9.0
"OpenAL"=OpenAL
"Pen Tablet Driver"=Pen Tablet
"PowerISO"=PowerISO
"PROR"=Microsoft Office Professional 2007
"PunkBusterSvc"=PunkBuster Services
"Revo Uninstaller"=Revo Uninstaller 1.80
"Soulseek"=SoulSeek Client 156c
"Spider Solitaire_is1"=Spider Solitaire
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Steam App 13210"=Unreal Tournament 3
"Steam App 15120"=Rainbow Six Vegas 2
"Steam App 22000"=World of Goo
"Steam App 4000"=Garry's Mod
"Steam App 440"=Team Fortress 2
"Steam App 7670"=Bioshock
"VLC media player"=VideoLAN VLC media player 0.8.6d
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1805620424-1882841073-116776393-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/9/2009 3:38:07 AM | Computer Name = MY1337COMP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: Aavm: FetchGlobalCounters cannot open mapping
- server DOWN???, 00000002.

[ Application Events ]
Error - 2/8/2009 10:47:16 PM | Computer Name = MY1337COMP | Source = MsiInstaller | ID = 10005
Description = Product: Vampire - The Masquerade Bloodlines -- Vampire - The Masquerade
Bloodlines requires that your computer is running Windows 98 or Windows 98 SE or
Windows Me or Windows 2000 or Windows XP

Error - 2/13/2009 3:17:16 AM | Computer Name = MY1337COMP | Source = Windows Live Messenger | ID = 1000
Description =

Error - 2/28/2009 5:32:05 PM | Computer Name = MY1337COMP | Source = Windows Live Messenger | ID = 1000
Description =

Error - 3/2/2009 12:05:25 AM | Computer Name = MY1337COMP | Source = Winlogon | ID = 1015
Description =

Error - 3/12/2009 2:56:21 AM | Computer Name = MY1337COMP | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 3/14/2009 4:00:30 AM | Computer Name = MY1337COMP | Source = Windows Live Messenger | ID = 1000
Description =

Error - 3/15/2009 3:22:17 PM | Computer Name = MY1337COMP | Source = Windows Live Messenger | ID = 1000
Description =

Error - 3/25/2009 4:05:11 PM | Computer Name = MY1337COMP | Source = MsiInstaller | ID = 1013
Description = Product: Kaspersky Anti-Virus 2009 -- Microsoft Windows XP Service
Pack 2 or higher is required to install the application.

Error - 3/25/2009 4:06:01 PM | Computer Name = MY1337COMP | Source = MsiInstaller | ID = 1013
Description = Product: Kaspersky Internet Security 2009 -- Microsoft Windows XP
Service Pack 2 or higher is required to install the application.

Error - 3/25/2009 4:52:05 PM | Computer Name = MY1337COMP | Source = VSS | ID = 8211
Description =

[ OSession Events ]
Error - 3/19/2008 11:23:46 PM | Computer Name = MY1337COMP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 283 seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/19/2008 11:29:59 PM | Computer Name = MY1337COMP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 310 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/8/2009 12:51:10 PM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 4/8/2009 12:51:10 PM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 4/8/2009 12:51:13 PM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor
for a compatible version of the driver.

Error - 4/8/2009 6:35:06 PM | Computer Name = MY1337COMP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{FEAFFDA0-424E-4F46-8140-B1670B87E07C}
because another computer on the network has the same name. The server could not
start.

Error - 4/9/2009 3:40:57 AM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 4/9/2009 3:40:57 AM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 4/9/2009 3:41:19 AM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\lladrv.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 4/9/2009 3:42:23 AM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 4/9/2009 3:42:25 AM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 4/9/2009 3:42:32 AM | Computer Name = MY1337COMP | Source = Application Popup | ID = 1060
Description = \??\E:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor
for a compatible version of the driver.


< End of report >


That's probably the longest forum post I've ever made

Edited by Sharp070, 09 April 2009 - 02:12 PM.


#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:06 AM

Posted 10 April 2009 - 04:11 AM

Hi

I recommend you uninstall the P2P file sharing programs installed there. A big part of infections are nowadays received from P2P networks. I wouldn't be surprised if you got yours that way too.

Start hjt, do a system scan, check:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com


Close browsers and fix checked.


Re-run MBAM and post back its report.


We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the Paste Fix Here area. Do not include the word Code.
    :Files
    E:\WINDOWS\SysWow64\qghzas.dll
    E:\WINDOWS\SysWow64\pozarigo.dll
    e:\windows\system32\govuyoni.dll
    E:\WINDOWS\system32\lebiwega.dll
    E:\WINDOWS\System32\tegiseme.exe
    E:\WINDOWS\System32\welimala.exe
    E:\WINDOWS\System32\darunuwe.exe
    E:\WINDOWS\System32\nugogaza.dll
    E:\WINDOWS\System32\nudurelo
    E:\WINDOWS\System32\gibokiho.dll
    E:\WINDOWS\System32\dupefomu.dll
    E:\WINDOWS\System32\nugamulo.dll
    E:\WINDOWS\System32\mohofahe.exe
    E:\WINDOWS\System32\tulubabe.exe
    E:\WINDOWS\System32\riduwize.exe
    E:\WINDOWS\System32\hovofizo.exe
    E:\WINDOWS\System32\roligudo.exe
    E:\WINDOWS\System32\visegobu.exe
    E:\WINDOWS\System32\litiyuvu.dll
    E:\WINDOWS\System32\dukareyo.dll
    E:\WINDOWS\System32\jutogaje.dll
    E:\WINDOWS\System32\jimaneno.dll
    E:\WINDOWS\System32\jayipesa.dll
    E:\WINDOWS\System32\pulasiya.dll
    E:\WINDOWS\System32\bigelibe
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0d8f569-981a-4cb9-b4ab-0224c46c0de6}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e09567b0-003b-4f0c-804e-6a17b85684ad}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CPM0cbb06d6"=-
    "gurafotitu"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9449BBA0-5EA5-4B6B-BA8D-48EB1F98A408}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify"=-
  • Push the large MoveIt button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply with fresh otviewit.txt contents.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.
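The O1 entries flagged above all map rogue-AV domains, several of them dressed up as Microsoft hosts, to one routable address, which is the signature of a hosts-file hijack. The following Python script is an added example, not code from this thread, from HijackThis or from OTMoveIt; it parses such O1 lines, treats loopback targets as benign blocking, and reports each routable target together with the hijacked and lookalike names pointed at it. The sample input is the entries quoted above plus one constructed benign line.

```python
import ipaddress
import re

# Constructed sample input: the O1 entries quoted from the HijackThis
# log in this thread, plus one benign ad-blocking line for contrast.
SAMPLE_HJT_LINES = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O1 - Hosts: 127.0.0.1 ads.tracker.invalid
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

def parse_o1_lines(text):
    """Return (ip, hostname) pairs from 'O1 - Hosts:' lines; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries

def is_sinkhole(ip):
    """Loopback/unspecified targets are the benign use of a hosts file
    (blocking a name); a malformed target is treated as not benign."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def under_domain(host, suffix):
    return host == suffix or host.endswith("." + suffix)

def triage_hosts(entries, trusted=("microsoft.com",)):
    """Group entries by target IP and report every routable target: that
    is how a hosts hijack sends victims to a remote host. Names under a
    trusted domain are 'hijacked'; names that only reuse the brand as a
    label (microsoft.<other-domain>) are 'lookalikes'."""
    by_ip = {}
    for ip, host in entries:
        by_ip.setdefault(ip, []).append(host)
    brands = {t.split(".")[0] for t in trusted}
    findings = []
    for ip, hosts in by_ip.items():
        if is_sinkhole(ip):
            continue
        hijacked = [h for h in hosts
                    if any(under_domain(h, t) for t in trusted)]
        lookalikes = [h for h in hosts
                      if h not in hijacked and brands & set(h.split("."))]
        findings.append({"ip": ip, "hosts": hosts,
                         "hijacked": hijacked, "lookalikes": lookalikes})
    return findings

if __name__ == "__main__":
    for f in triage_hosts(parse_o1_lines(SAMPLE_HJT_LINES)):
        print("%s -> %d host(s); hijacked=%s lookalikes=%s"
              % (f["ip"], len(f["hosts"]), f["hijacked"], f["lookalikes"]))
```

The same parser works on a raw hosts file once the `O1 - Hosts:` prefix is dropped from the regex.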


#7 Sharp070

Sharp070
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:06 AM

Posted 10 April 2009 - 03:44 PM

Here's the new MBAM log

Malwarebytes' Anti-Malware 1.31
Database version: 1479
Windows 5.2.3790 Service Pack 2

4/10/2009 4:26:42 PM
mbam-log-2009-04-10 (16-26-42).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 264718
Time elapsed: 1 hour(s), 29 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
e:\WINDOWS\system32\popifimi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e09567b0-003b-4f0c-804e-6a17b85684ad} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e09567b0-003b-4f0c-804e-6a17b85684ad} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gurafotitu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm0cbb06d6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: e:\windows\system32\popifimi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\popifimi.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
e:\WINDOWS\system32\popifimi.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\SysWOW64\pozarigo.dll (Trojan.BHO.H) -> Delete on reboot.
e:\WINDOWS\SysWOW64\popifimi.dll (Trojan.BHO) -> Delete on reboot.


And the OTMoveIt log:

========== FILES ==========
File/Folder E:\WINDOWS\SysWow64\qghzas.dll not found.
File/Folder E:\WINDOWS\SysWow64\pozarigo.dll not found.
File/Folder e:\windows\system32\govuyoni.dll not found.
File/Folder E:\WINDOWS\system32\lebiwega.dll not found.
File/Folder E:\WINDOWS\System32\tegiseme.exe not found.
File/Folder E:\WINDOWS\System32\welimala.exe not found.
File/Folder E:\WINDOWS\System32\darunuwe.exe not found.
File/Folder E:\WINDOWS\System32\nugogaza.dll not found.
E:\WINDOWS\System32\nudurelo moved successfully.
File/Folder E:\WINDOWS\System32\gibokiho.dll not found.
File/Folder E:\WINDOWS\System32\dupefomu.dll not found.
File/Folder E:\WINDOWS\System32\nugamulo.dll not found.
File/Folder E:\WINDOWS\System32\mohofahe.exe not found.
File/Folder E:\WINDOWS\System32\tulubabe.exe not found.
File/Folder E:\WINDOWS\System32\riduwize.exe not found.
File/Folder E:\WINDOWS\System32\hovofizo.exe not found.
File/Folder E:\WINDOWS\System32\roligudo.exe not found.
File/Folder E:\WINDOWS\System32\visegobu.exe not found.
File/Folder E:\WINDOWS\System32\litiyuvu.dll not found.
File/Folder E:\WINDOWS\System32\dukareyo.dll not found.
File/Folder E:\WINDOWS\System32\jutogaje.dll not found.
DllUnregisterServer procedure not found in E:\WINDOWS\System32\jimaneno.dll
E:\WINDOWS\System32\jimaneno.dll NOT unregistered.
E:\WINDOWS\System32\jimaneno.dll moved successfully.
DllUnregisterServer procedure not found in E:\WINDOWS\System32\jayipesa.dll
E:\WINDOWS\System32\jayipesa.dll NOT unregistered.
E:\WINDOWS\System32\jayipesa.dll moved successfully.
DllUnregisterServer procedure not found in E:\WINDOWS\System32\pulasiya.dll
E:\WINDOWS\System32\pulasiya.dll NOT unregistered.
E:\WINDOWS\System32\pulasiya.dll moved successfully.
E:\WINDOWS\System32\bigelibe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0d8f569-981a-4cb9-b4ab-0224c46c0de6}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e09567b0-003b-4f0c-804e-6a17b85684ad}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPM0cbb06d6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\gurafotitu deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{9449BBA0-5EA5-4B6B-BA8D-48EB1F98A408} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9449BBA0-5EA5-4B6B-BA8D-48EB1F98A408}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify not found.

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04102009_164042

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:06 AM

Posted 10 April 2009 - 05:39 PM

Hi

Did you reboot the system after the MBAM run to finish the cleaning? Please do, if you didn't yet. Also, I need to see the fresh OTViewIt.txt report that I requested in my previous post.



#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:06 AM

Posted 17 April 2009 - 05:31 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





